Cybersecurity professionals are being called upon to design and develop assured, secure computer systems and protect the world from devastating cyber-attacks. As our reliance on technology increases, the need to build innovative approaches to cyber security efforts becomes critical. The opportunities in this field are great since cyber security is a national priority. Join our panel of experts as we talk about managing cyber threats and ways to gain access to cyber security opportunities.
At the end of this seminar, participants will be able to:
a. Identify required skills and areas in cyber security careers.
b. Explore opportunities and challenges in cyber security.
c. Examine critical success factors.
d. Identify steps to take to work in cyber security.
2. UNCLASSIFIED
Cybersecurity Approach and Threats
What We Do
State Threats | Insider Threats | Hacktivist | Cyber Crimes
• Poor Network Architecture
• Poor User Practices
• Poor Network and Data Management Practices
4. UNCLASSIFIED
Cybersecurity Roles and Responsibilities
Network Focused & Threat Agnostic
Power Projection
Offensive Operations
Network Operations
Info Operations
Fires (Targeting)
Military Intelligence
Cyber & Electronic Warfare
Army Network (Internal | External)
Signal
• Defend
• Leverage Intel
• Investigate & Analyze
• Hunt Internal Threats
• Collect
• Target
• Operate
• Design, Build & Configure
• Operate, Maintain & Sustain
• Secure
• Oversee & Govern
Defensive Operations
Cybersecurity Activities
Mission Focused & Threat Specific
Big Data
5. UNCLASSIFIED
The Army Cybersecurity Team
• Infrastructure Support
• CND Analyst
• Incident Responder
• CNDSP Auditor
• CNDSP Manager
• CND Manager/Auditor
• CND Incident Responder/Analyst
• Network Warfare Planner
• Cyber Defense Chief
• Cyber Operations Chief
Cyber Network Defenders
Information Protection Technicians
Signal Officers / Information Systems Engineers
• The Army’s preeminent information systems experts
Training
Military - Civilian
Editor's Notes
Overarching Theme
Cybersecurity threats are without question the most dangerous threat to our defense systems. To be more resilient, we must build the right network, build the right force, and train the right skills.
Message: Today, we will look at the Army’s approach to cybersecurity and the three focal areas – how we operate, building the team, and training – to achieve a resilient network.
(UNCLASSIFIED) Cybersecurity
1) Nation states with highly sophisticated cyber programs (Russia—in Ukraine—or China—OPM hack); nations less technically competent but with more disruptive intent (such as Iran or North Korea—SONY hack); profit-motivated criminals; and hackers or extremists motivated by ideology—ISIS
2) Hacktivists are often assessed to be “nuisance threats” conducting unsophisticated DDoS attacks and webpage defacements. However, in the last several years, the number of hacktivists has grown exponentially and hacker collectives have been able to leverage large numbers of willing participants to conduct more effective attacks.
3) Evolving from theft of money data/information/intellectual property to extortion through ransomware/destruction of network infrastructure—destruction and manipulation of data (Sony)—sophisticated information operations—Russian election interference
Eighty percent of cyber incidents can be traced to 3 causes: poor user practices; poor network and data management practices; and poor implementation of network architecture.
Cybersecurity starts with the user—everyone who uses the Internet or a network.
Most breaches can be traced to individuals who fell victim to phishing e-mails or the failure of administrators to perform basic cyber hygiene—a user opened an e-mail and clicked on a bad link; used an easily discoverable password; or a systems administrator failed to make required patches and upgrades.
It’s important to remember that the private sector owns and operates over 90 percent of all the networks and cyberspace infrastructure. So in many ways, the private sector is the first line of defense in cyberspace.
What we have learned is that the majority of intrusions could be stopped through relatively basic cybersecurity investments including training.
Leadership is key. If the head of an organization doesn’t take cybersecurity seriously, no one will.
(UNCLASSIFIED) Network Modernization
A resilient network today will depend on a few factors – a robust cybersecurity framework of highly skilled and adaptive operators that are trained to neutralize and prevent threats to the network.
1) The Army is aggressively improving its cybersecurity posture with architecture modernization efforts that reduce attack surface area, improve bandwidth and reliability, and fortify our network perimeter defense capability.
2) The current network does not meet the warfighter's need to win the fight we are in: network design, planning, and management are too complex, leading to vulnerabilities.
3) The Five Goals of the Army Data Strategy:
1) Make Data Visible; 2) Make Data Accessible; 3) Make Data Understandable; 4) Make Data Trusted; 5) Make Data Interoperable
(UNCLASSIFIED) Cybersecurity in relationship to the larger Cyber Environment
The Army views Cybersecurity as a combination of normal daily Network Operations (passively protecting the network) and Defensive Cyber Operations (actively seeking intrusions, investigating threats, and analyzing the data).
1) The distinction between Cybersecurity and Cyber Defense is in the specificity of the threat and response. Cybersecurity is threat agnostic, meant to protect against the broad range of actors previously mentioned.
2) Cyber Defense and Offense are further broken down but overlap, representing the relationship between activities pursuing threats and our own plans to disrupt enemy operations through Cyber and Electronic Warfare.
3) The Army is using data analytics to improve our situational understanding of our networks—to see not only adversary activity, but also ourselves; and using this information as part of a risk management strategy to inform our cybersecurity decision making.
How the Army Is Using Big Data
We’re using DoD’s Big Data Platform to do four things: (1) share and (2) collect information; and (3) analyze and (4) visualize multiple petabytes of data from sources across the DoD Information Networks.
The Army is developing an analytic framework for conducting advanced cyber defense that initiates with continuous monitoring to “see” the operational environment and establish situational awareness. With the ability to effectively collect and correlate data describing the environment, behavioral analysis and pattern detection will allow us to determine operational baselines.
This will then allow us to determine anomalous behavior that deviates from defined norms and use advanced techniques for attribution and discovering the “why” and “how” associated with malicious activity.
Initial analytic efforts are heavily weighted toward establishing situational awareness with select capabilities targeting likely threat activity.
In concert with DoD’s Big Data Platform (BDP), DoD’s Cyber Situational Awareness Cloud is the set of widgets, analytics, ingest code, and data structures deployed on the BDP that provides unified situational awareness across DODIN Operations and Defensive Cyberspace Operations.
(UNCLASSIFIED)
Although we may approach Cyber Operations in general differently than civilian counterparts, one commonality is the need to recruit, train, and retain a high quality workforce.
1) The Army is building and recruiting a world-class, preeminent cyber force: it created a new cyber branch and built the Cyber Center of Excellence, all within the past seven years.
2) Cybersecurity Soldiers come from a broad range of backgrounds, from those right out of high school to college graduates and Soldiers already proven to have the knowledge and skill to succeed in this demanding field.
3) The Army offers many opportunities to receive both specific military training and civilian certifications and training, including opportunities in the National Guard and Reserve.