Post on 13-Apr-2020
Art “Wally” Wachdorf
24 AF/CA
24 AF
Operationalizing Cyber
Montgomery IT Summit
Unclassified
Foundational Principles
• Only operational domain that is man-made
• Physical Domain (A place, Not a mission)
• Where Operations are conducted (Like Land, Sea, Air & Space)
• Integrate operations conducted across domains (don’t integrate domains)
• It’s About Mission Assurance (not Network Assurance)
“Cyberspace is not a mission, it is a place where operations are conducted … and is about assuring the mission, not about assuring the network”
– Maj Gen Dick Webber, AFNS, 20 Nov 09
The Battle has Come to Cyberspace
“Make no mistake about it, the fight is on in cyberspace”
– Gen C. Robert Kehler
• Who
  • Individual hackers
  • Organized crime
  • Transnational groups
  • Nation states
• What
  • Known vulnerabilities
  • Attack applications vice OS
  • DoD contractors (attack seams)
  • Reverse engineer anti-virus
  • “Spear” phishing (targeted)
  • Supply chain
24th Air Force
• CC, Maj Gen Webber
• 67 NWW, Col Shwedo
• 688 IOW, Col Skinner
• 689 CCW, Col Giorlando
• 624 OC, Col Diaz
• 770 ISRG(P), Lt Col Hamrick
24 AF Mission (USAF’s Cyber Force)
24 AF Mission: Extend, operate and defend the Air Force portion of the DoD network and to provide full spectrum capabilities for the Joint warfighter in, through and from cyberspace
Mission Assurance for Joint Operations
• Network Operations
• Information Operations
• Combat Communications
• 4,300 Active Duty & Civilians
• Full Spectrum Network Ops
• Maintenance
• 11,000 ARC
624th Operations Center
Establish, plan, direct, coordinate, assess, command & control cyber operations and capabilities in support of Air Force and Joint requirements
• 24 AF/CC
• 624 OC/CC
• ISR Division (ISRD)
• Strategy Division (SRD)
• Combat Plans Division (CPD)
• Combat Ops Division (COD)
• Cyber Coord Cell (CyCC)
• LNOs
• Stan-Eval (DOV)
• Training (DOT)
• STO
• Sys Support
Current 624 OC Personnel: 90 (Military, Civilians)
624 OC FY10 Billets: 196
Operational Orders
• CyOD
• AF-CTO
• CCO
• MTO
Mission Assurance
1. Identify critical mission elements and supporting infrastructure
Diagram labels: Communications Cloud; DCGS; AOC; Creech AFB; AF Circuit; Army Circuit; DISA leased circuit; ASIM/IOP
Mission Assurance
1. Identify critical mission elements and supporting infrastructure
2. Assure infrastructure availability
3. Focus intelligence collection on mission support
Diagram labels: Communications Cloud; DCGS; AOC; Creech AFB; AF Circuit; Army Circuit; DISA leased circuit; ASIM/IOP; Intelligence community
Diagram callouts:
• 2. Hot Back-up
• 2. Back-up circuit – single point of failure
• 3. IC providing mission related Intel
Mission Assurance
1. Identify critical mission elements and supporting infrastructure
2. Assure infrastructure availability
3. Focus intelligence collection on mission support
4. Actively defend critical links, information, and infrastructure
Diagram labels: Communications Cloud; DCGS; AOC; Creech AFB; AF Circuit; Army Circuit; DISA leased circuit; ASIM/IOP; AFCERT
Diagram callouts:
• 4. AFCERT focuses on msn related sensors
• 4. Hunter teams deploy with sensors to secure and defend
Strategy Based Architecture
Crown Jewels
• DAL
• TBMCS
• TACC
• JSPOC
• Mission critical systems
Two factor authentication
TPM validation
Comply to connect
Port Identification
Core Systems
• AF Portal
• MyPay
• Trusted partners
Self Managed Systems
• PMO
• Recruiters
• Red Cross
Access denied
Two factor authentication
Must Evolve From Perimeter Defense
Diagram labels: IOP; Virtual Technology; Trusted Systems
Partnerships
• Seamless integration of Intel and Cyber
• AFISRA and 24AF
• Relationships with National Communities and AF
• AFOSI
• Joint
• Coalition
• Industry
• National Laboratories
QUESTIONS?
AFNET Macro View
• Standardize / minimize AF Gateways (CITS Blk 30)
• Intrusion Protection System (IOP) at Gateways (Dynamic Defense)
• Intrusion Detection System (ASIM) at each base (known threats)
• Monitor and alert (HBSS) at each machine (CITS Blk 35)
• Cyber C2 weapon system (CCS) (CITS Blk 40)
• Single trouble ticket & IT inventory tracking system
• Theater deployable communication integration
• Move to a single AF forest