Defense Enterprise Cyber Range Environment Command and Control Information Systems
(DECRE C2IS)
ITEA4 Oct 2017
UNCLASSIFIED (U)
DECRE C2IS Road to Here
• Feb 2013: DOT&E asked the JS J6 to lead an effort to integrate the capabilities of the 4 DECRE partners to build an operationally realistic representation of a CCMD’s networks, C2 systems and process that could be used to support the testing, training and development of cyber capabilities.
• In the past 4 years the DECRE C2IS partners have conducted 28 two/three-week events in the closed environment of the cyber range.
• 2013-2014: Focused on air and missile defense systems in NORAD-NORTHCOM; discovered vulnerabilities in Command and Control systems and implemented cyber effects in support of NORAD-NORTHCOM’s Exercise VIGILANT SHIELD 2014. 1st CPT participated in training on the range.
• 2015: Continued NORAD-NORTHCOM focus and expanded support to include EUCOM exercise Austere Challenge 15. Incorporated an AEGIS weapons system and Missile Defense C2 systems into the environment and demonstrated real time data feed from exercise to the range.
• 2016: Supported USPACOM with a series of cyber training and mission rehearsal events in preparation for Exercise PACIFIC SENTRY 16-2 and 16-3.
• 2016-2017: Built a SECRET//REL FVEY environment to support USPACOM and Australian Defense Force training and mission rehearsal for TALISMAN SABER 17.
DECRE C2IS Partners
Realistic cyber environment to support vulnerability assessments, cyber security testing and warfighter training
• 462 SQN, Adelaide, AUS: DCOT
• TSMO, Huntsville, AL: Red Team
• NIOC, Norfolk, VA: Red Team
• CCMD CPT CWIC/JCC, Camp Smith, HI: CPT
• 613TH AOC-CDF, Hickam AFB, HI: MDT
• C4AD, Suffolk, VA: C2 Systems/Data
• CDSA-USS Secure, Dam Neck, VA: Navy Labs, Ship C2 Systems
• 46 TS, Eglin AFB, FL: C2 Systems/Data
• DODIN CPT, Ford Island, HI: CPT
• 57 IAS, Nellis AFB, NV: Red Team
• CSR, Stafford, VA: Network Infrastructure/Services
• JMN, Huntsville, AL: Data Transport
• JIOR, Norfolk, VA: Data Transport
• RSDPs: Huntsville, AL; Pax River, MD: Network Infrastructure, Traffic Gen/Services
• MDA, Schriever AFB, CO: BMD Systems
• NCR, Orlando, FL: Network Infrastructure/Services
Legend labels: Network; Subject to Cyber Effects
Concepts Underlying DECRE C2IS Cyber Range
Create an operational environment in which Blue Force Players, C2 systems and networks, and Red Teams can interact in a realistic manner
Integration of real C2 system and networks & virtual C2 systems and networks, NIPR & SIPR (Focused on JOC, MOC, AOC, JFLCC)
Integration of recorded exercise data or real time data from exercises to drive C2 data play
Integration of instrumentation to quantify system performance, survivability and mission impacts
Integrate training of network operators and defenders, Enterprise Operations Centers (EOC), Cyber Security Service Providers (CSSP), and Cyber Mission Force operators and systems
DECRE C2IS Activities and Capabilities
Activities
• Training
• Mission Rehearsal
• Capability Development
• Experimentation
• Testing
Current Capabilities
• Persistent SECRET NOFORN Environment
• Persistent SECRET REL (FVEY) Environment
• JIOR and JMN connect up to 14 nodes
• Integrated Planning Team/White Cell
• Joint CCMD architecture
• Emulates Base/Post/Camp/Stations interconnected by DODIN
• NIPRNet and SIPRNet
• Traffic emulation for NIPR/SIPR & C2 systems
• Blue teams install/configure own Cyber Defense Applications/Sensors/Rule Sets
• Network Operations Monitoring and Analysis with SOLARWINDS and RIVERBED
• Daily after-Action Review Capability (Ground Truth for Testing and Training)
• Scenario & Traffic Playback J7 M&S Federation
Acronyms
• AOC: Air Operations Center
• CDF: Cyber Defense Flight
• HBSS: Host Based Security System
• JIOR: Joint Information Operations Range
• JMETC: Joint Mission Environment Test Capability
• JMN: JMETC Mission Network
DECRE C2IS Footprint
DECRE C2IS (2014)
Red Team Observations
Oct 2014 Threat Systems Management Office (TSMO)
• On a scale of 1-10 with 10 being real, how representative of a COCOM network is the DECRE C2IS?
8
• From an Operational Test perspective how does the DECRE C2IS environment compare to the others you have worked in?
As good or better than any we have seen
DECRE C2IS (May 2016)
(Site A) JFACC/AOC
(Site B) CCMD JOC
(Site C) JFMCC/MOC
(Site D) JFLCC
(Site E) External Interface
DISA IAP
Internet
UNCLASSIFIED (U)//FOR OFFICIAL USE ONLY (FOUO)
Command & Control Systems and Supporting M&S
M&S Capabilities in DECRE C2IS Cyber Range
BLUE GROUND LOTS WS
BLUE NAVAL LOTS WS
BLUE AIR LOTS WS
C2 SYSTEMS
Low Overhead Training System (LOTS): Joint Staff J7 GOTS software application designed to stimulate C2 Systems when simulation of forces is not needed
Joint Simulation Protocol Analyzer (JSPA): Logs all exercise simulation traffic.
C2 Networks (OTH-Gold / TADIL / USMTF / FDL)
HLA / DIS / TENA Networks
JRC JSPA LOTS
JMECS JAWS VRSG JMEM
JS J7 JLVC Federation
EUCOM AC15 C2/M&S Track Feeds to DECRE C2IS GCCS-J
Record on SIPRNET and Play-back C2/M&S in DECRE C2IS (JIOR)
LARIAT MIT-Lincoln Labs (MIT-LL): Emulates users performing real tasks, with real applications, e-mail, browsing, chat of from to a million physical hosts.
Cross Domain Solution (Controlled Interface): Radiant Mercury
USEUCOM / USAREUR, Grafenwoehr, GE
Joint Staff J6 C4 Assessment Division, Suffolk, VA
Joint MSEL and Exercise Control Station (JMECS): C2 Stimulation and MSEL Management
JS J7 JLVC 1.0 Federation (diagram)
Enclaves: Lower Enclave – Collateral Secret; Upper Enclave – TS / SCI (NSANet, JWICS); Radiant Mercury
Groups: Logistics Federation; Logistics Models; TENA Instrumented Ranges; Gaming; JLVC Core Simulations & Support Tools; Intel Models; IAMD & Space Models; Virtual Simulators; Virtuals; Service Combat Models; C2 Network; JTEN / DIS Network; RTI (JLVC FOM)
Component labels: JTIMS, Training Objectives, JMSEL, JDLM, DESS, TRANSCOM, ABS, VBS2, JMECS, JECS, LOTS, JAWS, JSPA, JMEM, JLOD, JLVC Bridge, JTDS, JCATS, BEServer, ACE-IOS, NWARS-NG, IWMDT, DTRA, MDA, ACE-IOS SIGINT Model, TIU, Ballistic Missile Sim, SSG/GEG, GPS Simulation, TDACS, Link, COCOM, AFSERS-MUSE, Virtual ISR Imagery, WES, VRSG, MUSE-CSS, VIPRS, AWSIM, USAF, NCTE, JSAF, USN, MTWS, USMC, ExCIS, MDST, DESim, Sense and Shoot
Legend: Air Force; Primarily Army & Shared; Navy; Marine Corps; NRO; Primarily Joint & Shared; NSA
DECRE C2IS Footprint for US/AUS Training and Mission Rehearsal
Sites
• Cyber Security Range, Stafford
• Joint IO Range, Norfolk
• C4 Assessment Division, Suffolk
• Navy Combat Systems Direction Activity, Dam Neck / Virginia Beach
• Red Team, Sandia National Labs, Albuquerque
• Air Force Red Team, 57 IAS, Nellis AFB
• Navy Red Team, Navy IO Command, Norfolk
• Test Resource Mgmt Center, JMETC MILS Network Point, Redstone
• Army Red Team, Threat Systems Mgmt Office, Redstone
• 46 Test Squadron, Eglin AFB
• USPACOM Cyber Protection Team, Cyber War Innovation Center, Camp Smith
• Cyber Defense Flight, 613 AOC, Hickam AFB
• 462 Squadron, RAF Edinburg
• Defence Network Operations Centre, Canberra
Regions: Hawaiian Islands; Australia; CONUS
Legend: Range/Capability Provider; Cyber Defender; OPFOR Red Team
Distances shown: 9,800 miles; 5,700 miles; 9,900 miles; 4,400 miles
Objectives
• Support PACOM DCO training, Cyber C2 CONOPS and TTP development
• Build the US/AUS Environment on the range in preparation for TS17 – Work through issues of integration, interoperability and survivability.
Red/Blue Team Observations
• July 2017 (PACOM TS17 Cyber FTX)
• On a scale of 1-10 with 10 being real, how representative of a CCMD network is the DECRE C2IS?
  • 613th AOC Mission Defense Team -- 7 (by design due to REL-FVEY)
  • 501 CPT, AOC defense mission – 8
  • 462 SQDN DCOT, Australian AOC cyber defense team -- 8
  • 500 CPT, PACOM JOC defense mission – 8
  • 46th Test SQDN, AOC system provider -- 7 (by design due to REL-FVEY)
  • TSMO, US Red Team – 4 (need for more systems and traffic)
• This was a PACOM/Australia Secret Rel FVEY environment involving combined US/Australian Blue and Red Teams attacking and defending a JOC and AOC.
  – “Network traffic replicated real world well making it challenging to pinpoint red team” (501CPT)
  – 1st time US and Rel FVEY partner have jointly defended and attacked C2 systems
Focus and Challenges
• Expand Persistent Capability and Capacity
  − Allow for more C2 systems, system operators, CPTs, CSSPs and JCCs to interact in a realistic manner
  − Unclassified and classified closed environments (NIPR, SIPR, REL FVEY)
  − Rapidly configurable networks, with their tools and sensors, C2 systems and network traffic, COTS threat tools
  − Build cloud computing environment (Amazon Web services to host TRANSCOM)
• Challenged by:
  − Event management functions (OPFOR, Scenario, White Cell)
  − Automated threats
  − Automated configuration tools for rapid restoration and re-use
  − Instrumentation to quantify Red and Blue team actions and effectiveness of tools and response actions
Questions