VERSION: 6.3 J3 Mr. Philip Glinatsis 06/06/2013 1050
The overall classification of this briefing is:
Classified By: btwill3 Derived From: USCYBERCOM SCG
Dated: 20111011 AND
Derived From: NSA/CSSM 1-52 Dated: 20070108
Declassify On: 20280102
UNCLASSIFIED
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Cyberspace Operations
Prepared for the 18th International Command and Control Research and Technology Symposium
Major General Brett T. Williams
Director of Operations (J3), USCYBERCOM
Operational C2 Architecture
MISSION ASSURANCE BACKPLANE
Information Conditioning & Control
Personnel Education & Awareness
Identification & Authentication
Authorization & Privilege Mgt.
Vulnerability Mgt.
Boundary Defense
Incident Mgt.
Continuity of Ops.
Network Enclave Mgt.
Physical Enclave Mgt.
HBSS Agile Coalition Environment
NETWORKING & ENCLAVING LAYER
Tactical Link 16 TADIL-J Internet
NIPRNET SIPRNET CENTRIXSs JWICS
DSN DVS-G Link 11
TADIL-A VPNs
NSANet POTS DMON / ARCNET
SENSOR & ACTUATOR LAYER Undersea Sensors Overhead Sensors
Cyber Sensors Readiness Data
Ground Sensors
Unattended Autonomous Vehicles Weapon Platforms
SENSORS, ACTUATORS & DATA LAYER
Mission Application Data
Backup / COOP Data
TELECOMMUNICATIONS LAYER
Space
DSCS
WGS UHF
EHF-LDR
EHF-MDR GBS
AEHF
LOS/BLOS Radio
HF UHF VHF
Wireless Mobile Phone / IP Data
WIMAX WiFi GSM EVDO
Terrestrial / Undersea Undersea Cabling
Defense Data Transport Services Commercial Data Transport Services
Area Cable Plants LMR TMR
CWSP
INMARSAT Iridium
BBS
Commercial Military
TSAT
JTRS
Strategic Guidance
Situational Awareness
Concept Development
Planning
Plan Assessment
Execution
How do we C2 our C2?
APPLICATIONS LAYER
Common Applications File / Print / Share / E-Mail / Web / Office / AMHS / GPS / Voice / Video / Collaboration
Command & Control
Battlespace Awareness Intelink / Intellipedia / MIDB
Force Application TBMCS / BMD / JADOCS
Logistics GCSS / GDSS
Building Partnerships Radiant Mercury HARMONIEWEB/ APAN CENTRIXS Tools
IAMD GCCS / IWS / Chat Callblast Telecon WebARMS
TacView / C2BMC Weapons & Authorities Dashboards
Move Information
INFORMATION CONTENT LAYER
Information Retrieval Content Discovery/People Discovery
Operational Logic
Data Sourcing Timely, Accurate
Information Conditioning Common formatting/Data Tagging Business Rules
Use Information
Get Information
Plan Development Orders
USCYBERCOM Mission and Operations
Operate and Defend DoD Information Networks (DoDIN)
Defend the Nation Against Strategic Cyber Attack
Combatant Command Support
Combat Mission Teams
National Mission Teams
DISA/Services Cyber Protection Teams
USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks; and prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
The Three Layers of Cyberspace
Cyber-Persona Layer
Physical Network Layer
Logical Network Layer
People
• Digital representation of an entity in cyberspace
• Abstract from Physical Network
Cyber Terrain
Cyberspace Operations Per Joint Publication 3-12 (05 FEB 2013)
* Network focused
* Mission focused
DCO – Response Actions (DCO-RA)
DCO – Internal Defensive Measures (DCO-IDM)
* Mission focused
DCO – IDM
DCO – RA
DODIN Ops
Provide Freedom of Maneuver in Cyberspace
Cyber forces execute cyber actions:
Cyberspace Defense
Cyberspace ISR
Cyberspace OPE
Cyberspace Attack
Defensive Cyberspace Operations (DCO)
* Project power in and through cyberspace.
DoDIN Global Operations
Offensive Cyberspace Operations (OCO)
NMT
CPT
CMT
Maritime
JFC Mission Objectives
Land
Air
Space
Cyber
Maritime
Preserve Friendly Freedom of Maneuver in Cyberspace
DoD Information Networks Global Operations (DoDIN Global Ops)
LIMITS
• Network performance
Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM)
LIMITS
• Identify Key Cyber Terrain
• Link vulnerabilities to threat
• Capability and capacity
• Authorities
Defensive Cyberspace Operations – Response Actions (DCO-RA)
LIMITS
• Policy
• Rules of Engagement
• Authority
--------------------------------
• Intelligence
• Access
• Capability
An Option for Cyber C2
JFMCC
Mission Forces
JSOTF TSOC
Supported / Supporting Relationship
CCMD CPP
CCMD CPP
CCMD CPP
CPT CCMD
CPP
CCMD CPP
CCMD CPP
CPT CCMD CCMT
CCMD CCMT
CCMD CCMT
CMT
National Mission Force (NMF)
CCMD CCMT CCMD CCMT CCMD CCMT
NMT
COCOM OPCON TACON SIGINT Authorities Direct Spt
Joint Force HQ-Cyber
DST DST DST NST DST
DS DST
CST
GEOC
DISA
Commander
USCYBERCOM
Authorities OPCON
EOC
JFCCC JFACC
Mission Forces
Mission Forces
JFLCC
Mission Forces
Commander
CCMD
Analytic Framework for Responding to Cyber Attack Against the U.S.
1. Target
2. Severity/Impact
3. Attacker (Attribution)
4. Attack Vector
5. Advanced Warning
Characterize Attack
Level 0 – Absorb the Blows
Level 1 – Deny Objectives
Level 2 – Deny Objectives and Impose Costs
Level 3 – Deny Objectives, Impose Costs, and Deter Future Attacks
Response Spectrum
• Time (+target/severity) drives requirement for pre-approved, pre-planned actions.
• Response execution by agency with capability and capacity, then align authorities.
INCREASED SEVERITY
Determine Appropriate Response
Constraints/Restraints:
• SROE
• Intel/Access/Capability
• Proportionality
• Escalation
• Precedence
• Deconfliction
• Intel/Ops Gain-Loss
• Cyber Response
• Low visibility
• Cyber/Physical Response
• Proportional, non-escalatory
• High Visibility
• High Cost Imposing