Semantech Inc. 2008 - Lecture Series USAF Cyber Command ( How Doctrine Can Influence Design ) Presented by Stephen Lahanas Principal Consultant, Semantech Inc. Feb 27th, 2008 Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com I

Introduction This presentation is designed to provide a high level overview to issues surrounding the newly created AF Cyber Command. This presentation is not meant to present any official views or doctrine, but rather to explore what concepts might or might not prove useful for the command. We will also explore how innovation, doctrine and evolving practice may impact the design of systems or solutions dedicating to support the Cyber mission. We will examine how Cyber & traditional roles may blur. I Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

Introduction

This presentation is designed to provide a high level overview to issues surrounding the newly created AF Cyber Command.

This presentation is not meant to present any official views or doctrine, but rather to explore what concepts might or might not prove useful for the command.

We will also explore how innovation, doctrine and evolving practice may impact the design of systems or solutions dedicating to support the Cyber mission. We will examine how Cyber & traditional roles may blur.

My Perspective, part 1 In 1998, I designed one of the first Intrusion Detection architectures. In 1999, I served as lead security layer oversight engineering for GCSS-AF (the HIP project). From 2001 to 2005 I served as a chief engineer in both USAF logistics & finance PMOs. From 2005 to 2006 I supported US Army NETCOM on their AENIA & APC projects as an enterprise architect. From 2006 to 2007 I supported the DHS/USCG C2 Convergence initiative as an enterprise architect. This year, I supported USAF GCIC as an enterprise SOA architect. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

My Perspective, part 1

In 1998, I designed one of the first Intrusion Detection architectures.

In 1999, I served as lead security layer oversight engineering for GCSS-AF (the HIP project).

From 2001 to 2005 I served as a chief engineer in both USAF logistics & finance PMOs.

From 2005 to 2006 I supported US Army NETCOM on their AENIA & APC projects as an enterprise architect.

From 2006 to 2007 I supported the DHS/USCG C2 Convergence initiative as an enterprise architect.

This year, I supported USAF GCIC as an enterprise SOA architect.

My Perspective, part 2 My experience in supporting Network Operations, C2 systems and security architectures has forced me to ponder issues surrounding what is “Cyberspace” or “Cyber-warfare” since 1998. I have had the opportunity to witness an evolution in thinking on the subject from multiple perspectives (on the front lines and from an industry as well). I have also had the chance to work with many of the technologies involved and am fairly well grounded in what is technically possible today and what will likely be supported in the near-future. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

My Perspective, part 2

My experience in supporting Network Operations, C2 systems and security architectures has forced me to ponder issues surrounding what is “Cyberspace” or “Cyber-warfare” since 1998.

I have had the opportunity to witness an evolution in thinking on the subject from multiple perspectives (on the front lines and from an industry as well).

I have also had the chance to work with many of the technologies involved and am fairly well grounded in what is technically possible today and what will likely be supported in the near-future.

Cyberspace, Defined Generic Definition : Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. Cyber-warfare : Cyber-warfare (also known as cybernetic war, or cyberwar) is the use of computers and the Internet in conducting warfare in cyberspace. A New Reality : The truth is that “Cyberspace” is an ambiguous term grouping together a hybrid set of capabilities enabled through various communications technologies. Those capabilities viewed synergistically, though, extend beyond the enabling medium/s. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

Cyberspace, Defined

Generic Definition : Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.

Cyber-warfare : Cyber-warfare (also known as cybernetic war, or cyberwar) is the use of computers and the Internet in conducting warfare in cyberspace.

A New Reality : The truth is that “Cyberspace” is an ambiguous term grouping together a hybrid set of capabilities enabled through various communications technologies. Those capabilities viewed synergistically, though, extend beyond the enabling medium/s.

Principles of Cyberspace Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other domains. As we progress, the boundaries between cyber-operations and conventional operations will blur. Understanding that merger of capabilities and the planning for it is perhaps the USAF’s greatest challenge. Cyberspace represents a single point of failure for the USAF. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior force. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

Principles of Cyberspace

Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other domains.

As we progress, the boundaries between cyber-operations and conventional operations will blur. Understanding that merger of capabilities and the planning for it is perhaps the USAF’s greatest challenge.

Cyberspace represents a single point of failure for the USAF. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior force.

Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com AF Cyber Command History The decision to create the USAF Cyber Command as a Major Command (MAJCOM) was first announced in November of 2006. The provisional command began deployment shortly thereafter and is located at Barksdale AFB, LA. The timeline for Initial Operating Capability (IOC) of the formal command is Oct. 1, 2008. The final location for the permanent command has not been determined yet. The decision will now be delayed until Oct. 2008.

AF Cyber Command History

The decision to create the USAF Cyber Command as a Major Command (MAJCOM) was first announced in November of 2006.

The provisional command began deployment shortly thereafter and is located at Barksdale AFB, LA.

The timeline for Initial Operating Capability (IOC) of the formal command is Oct. 1, 2008.

The final location for the permanent command has not been determined yet. The decision will now be delayed until Oct. 2008.

AF Cyber Command’s Core Premise The AF Cyber Command is meant to provide a unified organizational and doctrinal construct for a variety of related functions that are currently dispersed throughout the USAF. This scenario is similar across DoD branches. AF Cyber is also a realization of the growing dependence of conventional military capabilities on information technology. Every aspect of the USAF’s mission can now be tied in some way to the multi-dimensional Cyber domain. “ Cyberspace Dominance” will soon become the USAF’s mission primary objective (as failure to do so would become its greatest liability / risk). Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Command’s Core Premise

The AF Cyber Command is meant to provide a unified organizational and doctrinal construct for a variety of related functions that are currently dispersed throughout the USAF. This scenario is similar across DoD branches.

AF Cyber is also a realization of the growing dependence of conventional military capabilities on information technology. Every aspect of the USAF’s mission can now be tied in some way to the multi-dimensional Cyber domain.

“ Cyberspace Dominance” will soon become the USAF’s mission primary objective (as failure to do so would become its greatest liability / risk).

AF Cyber Command – Part of a Larger Picture AF Cyber Command is not the only place within the DoD where Cyber-activity occurs. There are also Cyber divisions within the other services, within DHS and across a variety of Intelligence agencies. US Army Netcom manages much of the Cyberspace support for the Army. They control the US Army NETOPs architecture, I3MP as well as the Army’s new datacenters – Area Processing Centers (APCs). The US Navy’s Netwarcom has similar responsibilities. DISA (Defense Information System Agency), is deploying cyber foundation capabilities including datacenters and Netcentric services environments (NECC, NCES). Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Command – Part of a Larger Picture

AF Cyber Command is not the only place within the DoD where Cyber-activity occurs. There are also Cyber divisions within the other services, within DHS and across a variety of Intelligence agencies.

US Army Netcom manages much of the Cyberspace support for the Army. They control the US Army NETOPs architecture, I3MP as well as the Army’s new datacenters – Area Processing Centers (APCs). The US Navy’s Netwarcom has similar responsibilities.

DISA (Defense Information System Agency), is deploying cyber foundation capabilities including datacenters and Netcentric services environments (NECC, NCES).

The DISA NCES & NECC programs are built upon DISA datacenters and are designed to provide a Netcentric application hosting framework to all DoD branches. These programs are also charged with integrating the current Family of Systems (FoS) environment – GCCS-J. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

So What is AF Cyber, Really? AF Cyber Command will merge all current capability for Cyber (network) management – including both defensive and offensive “Cyber” functions. Cyber is more than virtual capability though, it represents a range of “Cyber Support.” Cyber in effect merges the 4 C’s of C4ISR (Command, Control, Computers & Communication as well as the ISR part; Intelligence, Surveillance and Reconnaissance). Thus Cyber-Support can be applied to nearly every other USAF activities or mission. The fundamental unifying mechanism that ties all support activities is Interoperability, more specifically the ability to convert all data & communications into digital messages. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

So What is AF Cyber, Really?

AF Cyber Command will merge all current capability for Cyber (network) management – including both defensive and offensive “Cyber” functions.

Cyber is more than virtual capability though, it represents a range of “Cyber Support.” Cyber in effect merges the 4 C’s of C4ISR (Command, Control, Computers & Communication as well as the ISR part; Intelligence, Surveillance and Reconnaissance). Thus Cyber-Support can be applied to nearly every other USAF activities or mission.

The fundamental unifying mechanism that ties all support activities is Interoperability, more specifically the ability to convert all data & communications into digital messages.

AF Cyber Doctrine, part 1 AF Cyber Doctrine hasn’t really been fully formulated as yet, so this is meant to serve as a sounding board of sorts. Doctrinal Concept 1 – Cyberspace is an active battlespace; in other words Cyberwar is today’s new proxy battlefield, it is the new “cold war.” Doctrinal Concept 2 – Cyberspace is not just about defense, in fact, the view of the NETOPs environment as a reactionary architecture is one of the reasons it performs so poorly. Doctrinal Concept 3 – Cyberspace is a rapidly changing paradigm, our current processes for deploying capability are not aligned well with this domain… Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Doctrine, part 1

AF Cyber Doctrine hasn’t really been fully formulated as yet, so this is meant to serve as a sounding board of sorts.

Doctrinal Concept 1 – Cyberspace is an active battlespace; in other words Cyberwar is today’s new proxy battlefield, it is the new “cold war.”

Doctrinal Concept 2 – Cyberspace is not just about defense, in fact, the view of the NETOPs environment as a reactionary architecture is one of the reasons it performs so poorly.

Doctrinal Concept 3 – Cyberspace is a rapidly changing paradigm, our current processes for deploying capability are not aligned well with this domain…

AF Cyber Doctrine, part 2 Doctrinal Concept 4 – Cyberspace merges systems (information & weapons systems) and communications in ways previously not imagined by the DoD. This has a strangely unifying effect, eventually merging the systems involved. Some of this is intentional, some of it is a byproduct. Doctrinal Concept 5 – Cyberspace is not and cannot easily be segmented, the overlap across various DoD “cyber” agencies will prove as problematic as the ones which existed within the braches previously. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Doctrine, part 2

Doctrinal Concept 4 – Cyberspace merges systems (information & weapons systems) and communications in ways previously not imagined by the DoD. This has a strangely unifying effect, eventually merging the systems involved. Some of this is intentional, some of it is a byproduct.

Doctrinal Concept 5 – Cyberspace is not and cannot easily be segmented, the overlap across various DoD “cyber” agencies will prove as problematic as the ones which existed within the braches previously.

AF Cyber Doctrine, part 3 Doctrinal Concept 6 – Cyberspace represents a previously unavailable route of access to military information and capability; however the approach towards security and privacy must still be balanced against common sense and the core principles upon which the nation was founded. Doctrinal Concept 7 – The most important “cyber-weapon” is and always will be the human mind; management of Cyber Command must foster innovative and agile decision making. Threats must be addressed proactively & with a minimum of bureaucracy. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Doctrine, part 3

Doctrinal Concept 6 – Cyberspace represents a previously unavailable route of access to military information and capability; however the approach towards security and privacy must still be balanced against common sense and the core principles upon which the nation was founded.

Doctrinal Concept 7 – The most important “cyber-weapon” is and always will be the human mind; management of Cyber Command must foster innovative and agile decision making. Threats must be addressed proactively & with a minimum of bureaucracy.

Merger of USAF current organizations into the AF Cyber Command must occur quickly…

AF Cyber Challenges - 1 Challenge 1 – Finding a suitable “Brick & Mortar” location. This may seem counter-intuitive in some respects; why can’t AF Cyber be a “virtual” Command? Response – It could be and in fact is right now, however there are some advantages in consolidating a headquarters location, most notably the ability bring together a number of talented folks on short notice for rapid problem solving. Some of the command will likely remain dispersed across various bases. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

AF Cyber Challenges - 1

Challenge 1 – Finding a suitable “Brick & Mortar” location. This may seem counter-intuitive in some respects; why can’t AF Cyber be a “virtual” Command?

Response – It could be and in fact is right now, however there are some advantages in consolidating a headquarters location, most notably the ability bring together a number of talented folks on short notice for rapid problem solving. Some of the command will likely remain dispersed across various bases.

Locating AF Cyber: Decision Criteria The new location for AF Cyber Command should meet the following criteria: Proximity to DISA megacenter/s Robust Facility Bandwidth Robust SIPRnet support Sufficient space for on-base facilities and off base contractor support. A skilled local workforce A location not in prime Cyber Infrastructure Target (i.e. East or West Coast major regions) A location where other related systems can be supported in collaboration with the command. Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

Locating AF Cyber: Decision Criteria

The new location for AF Cyber Command should meet the following criteria:

Proximity to DISA megacenter/s

Robust Facility Bandwidth

Robust SIPRnet support

Sufficient space for on-base facilities and off base contractor support.

A skilled local workforce

A location not in prime Cyber Infrastructure Target (i.e. East or West Coast major regions)

A location where other related systems can be supported in collaboration with the command.

AF Cyber Command will require a new approach & new processes in order to centralize Cyber activities…

Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com AF Cyber Challenges - 2 Challenge 2 – Integrating more than a dozen existing commands and organizations within the remainder of this fiscal year. Response – Not only does this represent a huge reorganization (usually pretty complex on its own), it also represents a major redefinition of the AF mission at the same time. One suggestion is to apply some of today’s most innovative technologies for enterprise collaboration to help facilitate the migration – this is only fitting given the mission of the command.

AF Cyber Challenges - 2

Challenge 2 – Integrating more than a dozen existing commands and organizations within the remainder of this fiscal year.

Response – Not only does this represent a huge reorganization (usually pretty complex on its own), it also represents a major redefinition of the AF mission at the same time. One suggestion is to apply some of today’s most innovative technologies for enterprise collaboration to help facilitate the migration – this is only fitting given the mission of the command.

Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com AF Cyber Command will emerge into the middle of many existing IT related challenges for the USAF. Defining relationships between the new command and these programs is essential.

Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com AF Cyber Challenges - 3 Challenge 3 – Merging AF Cyber and Cyber Support Architectures and management. Response – For years, data center and network operations have been somewhat divorced from system management – stovepipes of expertise exist all over the place. From now on capabilities must be designed full-spectrum, taking into account all aspects related to deployment and management from the very beginning. A good example is the need to design AF Area Processing Centers (APCs) with application hosting considerations as well as NETOPs in mind.

AF Cyber Challenges - 3

Challenge 3 – Merging AF Cyber and Cyber Support Architectures and management.

Response – For years, data center and network operations have been somewhat divorced from system management – stovepipes of expertise exist all over the place. From now on capabilities must be designed full-spectrum, taking into account all aspects related to deployment and management from the very beginning. A good example is the need to design AF Area Processing Centers (APCs) with application hosting considerations as well as NETOPs in mind.

Strategy & AF doctrine can and should drive the solution architectures of the AF Cyber Command…

Conclusion The establishment of AF Cyber Command marks a fascinating turning point in the history of The United State’s armed forces. What may have sounded like science fiction ten years ago is now reality. Understanding the problem space and having the will to develop such an organization is the first step, the next step will be much harder as this “battlespace” will change our paradigms for warfare. Conceivably future campaigns could be executed in minutes not days and involve no conventional weapons at all… I Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com

Conclusion

The establishment of AF Cyber Command marks a fascinating turning point in the history of The United State’s armed forces. What may have sounded like science fiction ten years ago is now reality.

Understanding the problem space and having the will to develop such an organization is the first step, the next step will be much harder as this “battlespace” will change our paradigms for warfare. Conceivably future campaigns could be executed in minutes not days and involve no conventional weapons at all…

Semantech Lecture Series - 2008 Copyright 2008, Semantech Inc. – All Rights Reserved http://www.semantech-inc.com Thank You… For more information, contact: Stephen Lahanas [email_address]