Defensive Cyberspace Workforce Study IPT #1 March 4, 2010. Phil Ventura OPNAV N81F Information Dominance FY-10 Studies Overall Classification of this brief is UNCLASSIFIED//FOUO. Agenda. Study Plan Task Framework Way-ahead. Objectives. Issue
Defensive Cyberspace Workforce Study, IPT #1, March 4, 2010. Phil Ventura, OPNAV N81F, Information Dominance FY-10 Studies. Overall Classification of this brief is UNCLASSIFIED//FOUO
Agenda Study Plan Task Framework Way-ahead
Objectives
• Issue
  • The Joint Staff has a working framework to establish how many people are required for Computer Network Exploitation and Computer Network Attack. However, a corresponding defensive cyberspace framework doesn’t exist. How many personnel does the Navy need for defensive cyberspace?
• Objectives
  • Document the Navy requirements for defending cyberspace in the functional areas of Network Operations (NETOPS), Computer Network Defense (CND), and Information Assurance (IA)
  • Document where the requirements should be done
  • Decompose the steps and skills needed to meet the requirements including where they should be done
  • Determine how much one person can do as a functional skill and longevity at each location for each requirement
  • Show how new approaches or planned technologies can reduce personnel required
  • Make recommendations for the number and type of cyberspace defenders the Navy needs
• Resource issues that this study is designed to illuminate:
  • Navy Total Force Manpower Mix required for IA, NETOPS, and CND
  • MPT&E changes necessary to mitigate threats
  • Material changes necessary to mitigate threats
[This slide intentionally blank.] Background
Scope
[Figure: Cyberspace Operations diagram. Labels: Computer Network Operations (CNO), Computer Network Attack (CNA), Computer Network Exploitation (CNE), Computer Network Defense (CND), Network Operations (NetOps), Information Assurance (IA).]
Source: Computer Network Exploitation and Attack Manpower Requirements, JROC Briefing, 15 July 2009
Source: Cyber Warfare Manpower Strategy, OPNAV N1, January 2010
• Focus on Navy CND, IA, and NETOPS manpower requirements
• Network Operations: Configuring and operating our networks.
• Information Assurance: Ensuring information availability, integrity, authentication, confidentiality and non-repudiation.
• Computer Network Defense: Protect, detect and respond functions in securing DoD information systems and networks.
Study Approach Data Collection Understand the Current Problem Requirements Instructions CTOs Regular Duties Red Teams Blue Teams Hunt Teams CNE CND/RA Acquisition Chain protection Etc. Defended Networks # of Networks Type of Networks Ownership of Networks Etc. Game Changing* Approaches Active Defense Future Technologies Standup of CYBERCOM and 10th Fleet Etc. • Decompose the steps and skills needed to meet requirements • Document where the requirements should be done (Tier 1, 2, 3, etc.) • Determine how much one person can do as a function of skill and longevity on station • Document what type of person (Navy designator, rate, NEC, Civilian, Contractor) fits the skill set required • Ensure the revisit rate to each network to be effective for each requirement is included (e.g. Blue Team, Red Team, Hunt Teams) • Factor in training pipeline requirements Personnel skill sets required Officers in IW, Intel, IP CT, IT, IS enlisted rates required Civilians Contractors Other applicable military Final Analysis Modeling/Analysis • Evaluate how the game changing approaches or technologies would affect personnel required • Model personnel requirement to real-world scenarios developed for this study Recommend the number and type of cyberspace defenders the Navy needs * Game Changing = Substantial reduction or addition of personnel required or shift in mission focus or approach
Approach
[Figure: study approach diagram. Phases shown: Final Analysis & Reporting, Stakeholder Workshops, Capability Analysis, Understanding the Problem, Data Collection. Other labels: SIPR, NIPR; C2F, C3F, C4F, C5F, C6F, C7F; IA, NETOPS, CND; MIL/CIV/CTR; FFC; Ashore; Afloat; FCC / C10F.]
Organizations shown:
• Navy NETWARCOM, Navy CYBERFOR: IO, Space, Comms; Norfolk, VA
• Booz Allen Hamilton
• Naval War College
• CBCA
• Navy Information Operations Commands (NIOCs) (10): IO, SIGINT; Various CONUS/OCONUS
• Navy Cyber Defense Operations Command (NCDOC): CND; Norfolk, VA
• Navy Computer & Telecom Area Master Station (NCTAMS): NETOPS; Various CONUS/OCONUS
Approach (cont.) Mar 4 Apr 1 May 1 May 27 2 1 3 4 5 Data Collection Understanding The Problem Capability Analysis Stakeholder Wargame Final Analysis & Reporting ✔ • NSPD 54/HSPD 23 • USCYBERCOM Implementation Plan • CNO NMETLS • NWP-3-63 • Navy Cyber Capability Statements • Study Plan • Selected Navy Cyber Scenarios • Mission Analysis • Scenarios • Capabilities and Task List • Workforce Requirements • Wargame AAR ✔ ✔ Inputs ✔ WS#3 WS#1 WS#2 ✔ • Review driving strategy and directives • Identify and Develop Navy Cyber Capability Statements • Establish Stakeholders and participant list • Establish Stakeholder teams to include Red and Blue teams • Design Scenarios at different Cyber Threat Levels • Map Capabilities and Tasks to Scenarios • Identify supporting and supported task relationships • Establish performance standards (MOP/MOE) • Identify competency requirements for each task • Validate workforce requirements • Select future tasks and mission requirements by timeframe • Prioritize workforce gaps and shortfalls • Scale workforce requirements • ID “Game Changing” Technologies • Manpower Gap Analysis • Develop total workforce requirement recommendation • Identify cross training and performance efficiencies from across the Information Dominance Corps • Describe impact of “Game Changing” technologies ✔ ✔ Key Activities • Navy Cyber Capability Requirements and Tasks • Comprehensive Terms of Reference and Study Plan • Operational View Architecture descriptions of each scenario • Tasks aligned to operational and tactical units • Workforce Requirement by Scenario/Role: • Competencies Required • Roles Defined • Longevity of Personnel Required • Skill Proficiency required • Recommended personnel composition • Wargame after action report (AAR) • Comprehensive Navy Cyber Workforce Recommendation • Roles & Billet information in TWMS ✔ Output • Bold items are deliverables • Facilitated Workshop
Approach (cont.) [Figure: labels "IPT#1" and "Next"] 9
OPNAV N2/N6 • CAPT John Post • Head, Cyber Branch • CAPT Michael Ortwein • CAPT(s) Mickey Batson • CDR Theresa Everette • CDR Joe Brennan • LCDR Ken Gregoire • IA & CND • LCDR Joey Harrison • LCDR Zimmerman • N2N6 Manpower • Sue Prose • NNWC IPT / Study Team • USFF • CAPT Teresa Fairbanks, N1 • CAPT Rich Saunders, N2/N3 • Ms. Jane Barclift, N1D • LCDR Ashley Rose, N2 • Mr. James Cooney, N9 • DOD DIAP • Mr. Steve Bush • OPNAV N1/NPC/PERS • Mr. Dave Smith, N112 • CAPT Boticario, N122 • CDR Maurice Fischer, N122 • Requirements Officer • CDR Don Wilkinson, N131D • Head, Officer Force Shaping • Mr. Ralph DeFalco • IDC MPT&E Strategies • CDR Sean Heritage • IW OCM • CDR Sue Himes • N2/N6 IDC Manpower • CDR Carri Robbins • Intelligence OCM • CDR Julie Schroeder • IP OCM • LCDR Stacy Bowman • ECM (IT, CT, IS) • LCDR Ken Matthias • Intelligence ECM • DON CIO • Mr. Chris Kelsall • Ms. Mary Purdy • Ms. Jennifer Harper • ASN(M&RA) • Mr. Rich Delaquis • ASD(NII) • Ms. Sandy Smith • SECNAV OPA • LCDR Vic Spears • PACFLT • CAPT Jean Benfer, N2 • Ms. Linda Newton, N6 • C10F • CAPT Jim Brokaw, N3 • CAPT Daryl Hancock, N2 • CDR Stone Davis • NSA • Ms. Michele Iverson • IA Campaign Mgr. • Mr. Keith Denton • Navy CYBERFOR • Mr. Mike Knight, IA Wkforce • CWO4 Greg Stone • NTOC • Mrs. Patricia Ihnat, Deputy • NIOC Hawaii • CAPT James Hagy, CO • Mr. Noah Smith, N9 • CYBERCOM • Mr. Rob Schrier, Dep. J33 • NCDOC • CAPT Stephanie Keck, CO • Booz Allen Study Team • Mr. Scott Gooch (PM) • Mr. Bob Breitbeil (Lead) • Mr. Gerald Williams (Cyber) • Mr. Gene Marc (Cyber) • Mr. Mark Monti (CBCA) • Ms. Erin Kordis (CBCA) • Mr. Jim Monahan (HCS) • Ms. Liz Fairweather (M&S) • NNWC • CAPT Len Abbatiello • CAPT Eric Exner • CAPT Craig Eaton • CDR Stone Davis • CDR Vanessa Hamm • SPAWAR / PEO(C4I) • Mr. Ken Bible • Mr. Ted Follas • Mr. Chris Newborn • OPNAV N095/CNRFC • CAPT Bill Carney • CAPT Carlisle Wilson • NCIS • CAPT Gus Otero • Naval War College • Prof. 
Rich Suttie • OPNAV N814 • CDR Karan Schriver • CID • Mr. Sam Kelly, N31
Study Plan and Terms of Reference • Study Plan (4 Phases) • Data Collection and Framework Development (3 weeks) • Scenario Process, Roles & Competencies, and Surveys (4 weeks) • Workforce Analysis and Game Changing Technologies (4 weeks) • Final Analysis (3 weeks) • Terms of Reference • Strategy-to-Task Mapping Terminology • Capabilities-Based Competency Assessment Terminology • NETOPS, CND, IA Definitions
Plan of Action and Milestones
[Figure: timeline chart covering FEB, MAR, APR, MAY, Weeks 1 to 4 of each month. Legend: PLANNED, IN PROGRESS, COMPLETED, LATE.]
• Rows: POM 12 Timeline; N81F Timeline; Deliverables; Study Events; POM Events
• Study phases: Data Collection / Framework Development; Scenario Process, Roles & Competencies, and Surveys; Workforce Analysis and Game Changing Technologies; Final Analysis
• Events: IPT Kick-off; IPT; Kick-off; Mid-course Review; Final Brief and Report; Sponsor Program Proposals; Integrated Program Assessment
• Deliverables: Study Plan; Reqmt & Tasks; OV-6c; W/F Reqmt; WS AAR; Initial Results
Strategy-to-Task Framework Strategic Objectives CONDUCT IA PROCEDURES: PROTECT Establish a secure network CONDUCT NETOPS: MONITOR/ANALYZE/DEFEND Ensure Operation Capabilities DEFEND NETWORK: RESPOND Identify and Mitigate Intrusions CONDUCT NETOPS: MONITOR/ANALYZE/DETECT Ensure Operation Capabilities CONDUCT INFORMATION ASSURANCE PROCEDURES: PROTECT Establish a secure network JCA Net Centric, Force Application/ Engagement, Protection, Command and Control (Capabilities required to Operate, Secure, and Defend the GIG) ST 5.5.7.3 Direct CND SN 5.5.5 Defend the GIG OP 5.6.5.3 Conduct CND OP 5.4.7 Integrate Computer Investigations & Operations in CND ST 5.1.2.3 Manage Information Assurance Policies ST 5.1.6 Establish IA Procedures OP 5.3 Prepare Plans and orders UJTL NTA 2.4.5.3 Provide Indications & Warning of Threat NTA 3.1.6.X Develop Cyber Counter- Targeting Plans NTA 5.5.X Conduct Incident Response Management NTA 5.5.5.1 Provide Computer Network Defense NTA 5.5.5 Perform Information Assurance NTA 2.4.4.1 Identify Issues and Threats SN 2.4.1 Evaluate, Integrate, Analyze and Interpret Information NTA 5.2 Analyze and Assess Information NMETL Operational Activities & Processes Identify database Security concerns Verify Security controls Analyze Packet Headers Identify Access Control List Maintain/ Troubleshoot System Implement INFOSEC Re-image affected systems Develop Intrusion Detection Signatures Detect Malicious Activity on Network Implement Network Firewall Analyze/ Audit System logs Analyze File System Timelines Validate Network Intrusion incident Perform virus scans Analyze Incident for Intelligence value Perform Forensic Analysis
References • NSPD-54/HSPD-23, Cybersecurity Policy, Jan 8, 2008 (TS) • USCYBERCOM Implementation Plan • CNO NMETLS • NWP 3-63, CNO, Jan 2008 • JROCM 023-09 Cyberspace Operations Way Ahead • Navy Strategic Plan in support of POM-12, 09 Oct 2009 • FY2011-2015 Guidance for the Development of the Force, Jul 28, 2009 • DoDD O-8530.1, CND, Jan 8, 2001 • DoDI O-8530.2, Support to CND, Mar 9, 2001 • DoDI 8500.1, IA, Oct 24, 2002 • DoDI 8500.2, IA Implementation, Feb 6, 2003 • DoDM 8570.01-M, IA Workforce Improvement Program, May 15, 2008 • CJCSI 6510.01E, IA and CND, Aug 15, 2007 • SECNAVINST 5239.3a, DON IA Policy, Dec 20, 2004 • Naval Studies Board, IA for Network Centric Naval Forces • Cyber Warfare Manpower Strategy, OPNAV N1, Jan 20, 2010 • Cyberspace Defense Study, OPNAV N81, Oct 29, 2009 • CNO Tasker, Health of Navy Networks – Operational & Tactical Networks, OPNAV N6, Oct 21, 2009 • CND Increment 2 CPD, Nov 23, 2009 • CNE/CNA Manpower Requirements, FS FCB, JROC Briefing, Jul 15, 2009 • USSTRATCOM & USJFCOM Final Report for the Cyberspace Operations (Manning) Objective Experiment, Feb 12, 2009 • USSTRATCOM and NSA/CSS Cyber DCR, Oct 8, 2008 • USSTRATCOM Operational Concept for Cyberspace, Apr 10, 2008 • DI-1577-37-07, Information Operations Capstone Threat Assessment, Apr 2007 • ONI-CTA-005-06, Naval Electronics, Navigation, and Network Systems Capstone System Threat Assessment, Sep 2006 • USSTRATCOM, CND ICD, Jul 14, 2004 • N2/N6 Cyber Roadmap
Way Ahead Study Plan & Task Framework • Comments by 10 March Workshop #1, 23-25 March • Scenario Development • Role Framework Development
Assessing Strategic Guidance National Military Strategy for Cyber Operations Strategic approach to use Cyberspace to ensure Military Strategic superiority in Cyber domain DOD DoD Information Management and Information Technology Strategic Plan (2008-2009) Provide timely access to authoritative, relevant, trusted, and actionable information for all authorized users Support national security missions by sharing information with DoD and external partners Enable assured information sharing across domains and Communities of Interest Ensure that capabilities support the information assurance needs of the net-centric vision Streamline and unify foundational information assurance processes across the DoD and Intelligence Community enterprises Operation ** ( Apr 2009) Establishes USSTRATCOM as responsible entity to direct GIG Operations and Defense Shifts operational focus from individual to enterprise framework across enclaves centralizing planning and decentralizing execution Establishes operations and capabilities within the Six Phase Campaign process via established “Pillars” and Lines of Operations (LOOs) DoD 8570.01M IA Workforce Improvement Program Identifies Workforce & Capability level requirements UNCLASSIFIED/FOUO DoD, Joint, and Navy Guidance National Guidance • JOINT • USSTRATCOM and NSA/CSS Cyber DCR ( Oct 2008) • Continue development of Cyberspace as a mission area through enhanced capability, intelligence, acquisition, and interagency coordination • Identify shortfalls to address a clear solutions matrix • Final Report for Cyber OPS Manning Limited Objective Experiment (Feb 2009) • Study assigned objective to determine manning requirements for the conduct of CNA/CNE in support of COCOM operations • Operational Concept for Cyberspace ( Apr 2008) • Addresses vision for achieving Cyberspace dominance through development of new capabilities, C2 relationships, organizational constructs, training, and policy • NAVY • Navy Strategic Plan (NSP-12) • Provides CNO 
strategic guidance for effective resource acquisition and allocation for projection of Century Seapower (CS-21) initiatives addressing shortfalls and projected future conflicts • NWP 3-63 Computer Network Operations Vol I • Overview of Computer Network Operations and its respective disciplines and their • Supporting roles within the Information Operations domain • Naval Network Warfare Command Instruction 5450.4A • Describes Missions, Functions, and Tasks (MF&T) for Computer Network Defense operations at Navy Cyber Defense Operations Command (NCDOC) • FLT Cyber Command/ 10th FLT Implementation Plan • Way Ahead to conduct operations in Cyberspace leveraging NSA and DISA efforts and capabilities to achieve FOC • DOTMLPF paradigm inclusion across all Agencies, Services, Multi-National stakeholders • CNO Tasker- Health of Navy Networks (Operational & Tactical) • ID near and long term Security & Reliability • Identify network life cycle requirements • POA&M to mitigate network shortfalls 17
Identifying Cyber Workforce Strategic Objectives UNCLASSIFIED/FOUO CONDUCT INFORMATION ASSURANCE PROCEDURES: PROTECT Establish a secure network CONDUCT NETOPS: MONITOR/ANALYZE/DETECT Ensure Operation capabilities DEFEND NETWORK: RESPOND Identify and Mitigate Intrusions • Apply and monitor system hardware and software configurations and applications IAW directed policy and procedures • Ensure network(s) effectiveness to support Commander's intent and the decision making process • Apply Intrusion Detection, Intrusion Protection and mitigative TTPs to protect the enterprise services 18
Task Definitions (UJTL) UNCLASSIFIED/FOUO 19
Task Definitions (NMETL) UNCLASSIFIED/FOUO 20
Task Definitions (NMETL) UNCLASSIFIED/FOUO 21
STT Primary References Net-Centric Data Strategy DoD 8570.01-M Information Assurance Workforce Improvement Program NSTISSI No. 4011 National Training Standard For Information Systems Security (INFOSEC) Professionals Navy Enlisted Manpower Occupations and Standards Vol I & II OPNAVINST 3500.34F Navy PQS Program Joint Pub 3-13 Information OPS DoDINST 8410.02 NetOPS for the GIG NIST SP 800-53 Information Security NTTP 3-32.1 Maritime Operations Center TTP CONOPS for NETOPS, Information Operations and Space Center (NIOSC) National Military Strategy for Cyberspace Operations NNWC NMETL for IO and SIGINT Capability Area Development CJCSI 6510.01/01A/01E IO and CND Series NWP 3-63 Vol 1 Computer Network Operations UNCLASSIFIED/FOUO 22