When presented in 2010, this presentation offered a novel concept for moving from passive security to active defense. Leveraging lessons learned from BearingPoint's and Deloitte's R&D on Collaborative Situational Awareness for Decision Making, it put forward a framework for integrating cyber security systems to enhance collaboration and to integrate information from disparate sources more effectively.
1. Evolving a Cyberspace Doctrine
The Process
Michael E. Ruiz
CTO, Net-Enabled Operations
Deloitte Consulting LLP
April 16, 2010
2. Objective
Discuss the Evolution of Cyberspace
Provide a Context for discussing Cyberspace
Share some ideas on Cyber Warfare Doctrine
Build an appreciation of the complexity and emergence of the Cyberspace domain in Warfare
Present a possible Cyberspace Operations Center for the Future
SATX - Evolving a Cyberspace Doctrine.pptx
3. Background
The DoD and Intel communities have engaged in Cyberspace under the auspices of Information Assurance and Network Security for at least three decades.
Security has to be more than policy
– Policy must be implementable
– Enforcement must be understood during policy definition
Information Sharing requires trust; trust creates risk.
– We have been slow to adopt a posture of risk mitigation
– Risk avoidance is still the cultural mindset
Cyber Operations is the emerging mission
– The next war will have a significant cyber component
The Enemy is within the Wire
8. Command and Control (C2) is “the exercise of
authority and direction by a properly designated
commander over assigned and attached forces
in the accomplishment of the mission...”
- The DoD Dictionary of Military and Associated Terms
9. Cyber Command and Control
Gather information related to cyber threats and vulnerabilities (Data Fusion)
Analyze the cyber threats and vulnerabilities (Analytical Tools)
Visualize the cyber threats and vulnerabilities (Shared Situational Awareness)
Disseminate cyber threat information and collaborate on the information (Wiki and Web 2.0)
Coordinate the response planning and execution (Remediation and Operations Teams)
Interface with internal and external entities (public, private and open source) to share and integrate information
10. Cyber Command and Control Reference Model
11. Data/Information Sources
Data Collection and Fusion Environment - A combination of real-time data from cyber assets and historical data provides the context for evaluating threats
Interface with internal and external entities (public, private and open source) to share and integrate information
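The fusion step that slides 9 and 11 describe (gather real-time data from cyber assets, combine it with historical context, then hand each threat to a remediation or an operations team) is shown below as a small Python example. It is an added illustration, not code from the presentation or from Deloitte or BearingPoint; the asset inventory, incident history, severity scale, enterprise address range and sample alerts are all constructed, and the scoring weights and routing rules are assumptions chosen to make the idea concrete.

```python
"""Added example: one fusion step of a cyber command-and-control pipeline.

Real-time alerts from cyber assets are enriched with historical context
(asset criticality, patch state, prior incidents), scored, and routed to a
remediation queue (patch it) or an operations queue (send people). All data
below is constructed for the example; the weights are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List

# Assumed severity scale (1-5) for each detector signature.
SIGNATURE_SEVERITY = {
    "exploit-attempt": 4,
    "brute-force-login": 3,
    "lateral-movement": 5,
    "port-scan": 1,
}

# Constructed historical context, keyed by asset address.
ASSET_CONTEXT = {
    "10.0.0.5":  {"name": "dc01",   "criticality": 5, "missing_patches": 2},
    "10.0.0.23": {"name": "web01",  "criticality": 3, "missing_patches": 0},
    "10.0.1.77": {"name": "ws-042", "criticality": 1, "missing_patches": 4},
}

# Constructed incident history: external sources tied to earlier cases.
PRIOR_INCIDENT_SOURCES = {"203.0.113.9"}

# Assumed enterprise address space; anything here is "inside the wire".
INTERNAL_PREFIXES = ("10.",)


@dataclass
class Alert:
    ts: datetime
    src: str
    dst: str
    signature: str


@dataclass
class FusedThreat:
    alert: Alert
    asset: str
    score: int
    route: str                       # "operations", "remediation" or "monitor"
    reasons: List[str] = field(default_factory=list)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIXES)


def fuse_alert(alert: Alert,
               context: Dict[str, dict] = ASSET_CONTEXT,
               history=PRIOR_INCIDENT_SOURCES) -> FusedThreat:
    """Combine one real-time alert with what is already known about the
    target and the source, producing a score and a routing decision."""
    ctx = context.get(alert.dst, {"name": alert.dst, "criticality": 1, "missing_patches": 0})
    reasons = []
    # Base: detector severity weighted by how much the target matters.
    score = SIGNATURE_SEVERITY.get(alert.signature, 1) * ctx["criticality"]
    reasons.append(f"{alert.signature} on {ctx['name']} (criticality {ctx['criticality']})")
    if ctx["missing_patches"]:
        score += 2 * ctx["missing_patches"]
        reasons.append(f"target missing {ctx['missing_patches']} patches")
    if alert.src in history:
        score += 5
        reasons.append("source seen in a prior incident")
    if is_internal(alert.src):
        score += 3
        reasons.append("source is inside the wire")
    # Routing: a known-hostile or internal source is a people problem for the
    # operations team; an unpatched target hit from outside is a patch problem.
    if alert.src in history or is_internal(alert.src):
        route = "operations"
    elif ctx["missing_patches"]:
        route = "remediation"
    else:
        route = "monitor"
    return FusedThreat(alert, ctx["name"], score, route, reasons)


def prioritize(alerts: List[Alert]) -> List[FusedThreat]:
    """Fuse every alert and return them highest score first."""
    return sorted((fuse_alert(a) for a in alerts), key=lambda t: t.score, reverse=True)


def route_queues(threats: List[FusedThreat]) -> Dict[str, List[str]]:
    """Group asset names by the team that should act on them."""
    queues: Dict[str, List[str]] = {}
    for t in threats:
        queues.setdefault(t.route, []).append(t.asset)
    return queues


# Constructed real-time alerts, as a sensor feed would deliver them.
SAMPLE_ALERTS = [
    Alert(datetime(2010, 4, 16, 9, 0, 0), "203.0.113.9", "10.0.0.5", "exploit-attempt"),
    Alert(datetime(2010, 4, 16, 9, 0, 5), "10.0.1.77", "10.0.0.5", "lateral-movement"),
    Alert(datetime(2010, 4, 16, 9, 1, 0), "198.51.100.4", "10.0.1.77", "exploit-attempt"),
    Alert(datetime(2010, 4, 16, 9, 2, 0), "198.51.100.4", "10.0.0.23", "port-scan"),
]

if __name__ == "__main__":
    ranked = prioritize(SAMPLE_ALERTS)
    for t in ranked:
        print(f"{t.score:3d} {t.route:<11} {t.asset:<7} <- {t.alert.src}: {'; '.join(t.reasons)}")
    print(route_queues(ranked))
```

The point of the example is the second half of fuse_alert: the same detector signature lands in different queues depending on historical context, and an internal source (the "enemy within the wire" from slide 3) is never answered with a patch alone. In a real center the context dictionaries would be fed by the asset inventory, vulnerability scanner and case management system rather than hard-coded.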
12. The Core of the Cyberspace Operations Center
13. The Communities of Interest (COI)
Disseminate cyber threat information and collaborate on the information
14. Enterprise Service for Federated Management and Cross Domain Information Sharing
Coordinate the response planning and execution (Remediation and Operations Teams)
Federated Security Space Operations Centers
15. Conclusion
Asymmetric, highly decentralized organizations are impossible to stop with centralized approaches.
Creating an environment for spontaneity is crucial to enabling highly centralized organizations to act and operate as decentralized forces.
Technology is not the solution, it is an enabler … the solution requires a blend of People, Process, and Technology working to a common goal.
De-incentivize our adversary
Train the work force
Create Tactics, Techniques, and Procedures to wage and protect the Cyber domain
Allow flexibility and agility in creating capability.
Doctrine – addresses the much needed Tactics, Techniques and Procedures (TTPs) for operating in a cyber realm. Cyber ISR techniques are needed: today we focus on protection of our networks; tomorrow we need to understand how our enemies will use their networks. Cyber C2 procedures are required: what threats require remediation in the form of a patch, and what threats require operations in the form of an MP going to a desk or a covert operative being tasked to find out more about a particular organization or group? What does the Cyber Kill Chain look like? When are our actions an act of war and when are they a protective posture? Friedman, in his book "The Next Hundred Years", asserts that Russia will take defensive measures, creating a buffer around its border to protect itself from encroaching Europeans; these actions will appear aggressive to some. Estonia cyber war in April 2007: mostly DoS attacks and botnet spam attacks. "Georgia Takes a Beating in the Cyber war With Russia", by John Markoff, The New York Times, August 11, 2008.

Organization – defines the organizational structures needed to successfully implement a cyber warfare organization, specifically the work BearingPoint is doing for the Army G2 for cyber operations: the creation of Cyber Command, a unified command to address cyber challenges; the creation of the 24th Air Force, a numbered Air Force dedicated to working on cyber challenges; the creation of the Army Cyber Directorate; and the Navy reorganization, combining the N2/N6 and designating new cyber authorities.

Training – how we train our troops: what are we teaching in the school house and is it the right thing? Before we can start training we have to establish doctrine. Continuous improvement is needed to ensure we are training correctly; new ways of updating the school house will be needed as this domain changes so rapidly.

Materiel – describes a reference model / implementation pattern for implementing future cyber command and control systems.

Personnel – how do we motivate a workforce that is counter to all military honors and traditions to join the Cyber Warfare machine? Huge cultural challenges await. The story of our EVP and our Cyber Guys.

Facilities – illustrates the types of facilities (i.e. Network Operation Centers, Security Operation Centers, and Cyber Space Operation Centers) and the processes for federating across agency / organizational boundaries.
Reference model diagram labels: Messaging, Web Applications, Protection Boundaries, Physical Security, Telecommunication Networks, Access Control