Cyber Quest 2020 Industry Day - AFCEA · 2019. 8. 21. · As of: 8/21/2019 8:22:17 AM UNCLASSIFIED UNCLASSIFIED Timeline Broad Agency Announcement published –NLT 9 Aug 2019 Cyber

UNCLASSIFIEDAs of: 8/21/2019 8:22:16 AM

UNCLASSIFIED

Cyber Quest 2020 Industry Day

BUILDING A WORLD CLASS CYBER WORKFORCE


UNCLASSIFIED

INDUSTRY DAY AGENDA

• Location: Room Estes B, Marriott Hotel

• Welcome/Introductions/Purpose: 0800 – 0815;

• Submission requirements/Schedule: 0815 – 0830;

• TCM Cyber: 0830 – 0930;

• Break: 0930 - 0945

• TCM EW: 0945 – 1045;

• Break: 1045 – 1100;

• TCM NS: 1100 – 1200;

• Lunch Break: 1200 – 1315;

• TCM TR/N-CFT: 1315 – 1415;

• Breakout TCM meetings: 1415 – 1515;

• Closeout: 1530.


UNCLASSIFIED

Cyber Quest 20 Draft Objectives

TCM Cyber (Situational Understanding)

• Identify technologies that will enhance the commander's Cyber SU during Multi Domain Operations (MDO).

• Identify technologies capable of assessing overall mission risk and Cyber defensive posture.

• Identify and integrate technologies capable of displaying and sharing user defined and mission relevant social media trends.

• Identify technologies capable of immediately integrating with emerging CPCE and other programs of record.

TCM Electronic Warfare

• Identify EW support (ES) technologies that detect signals between 2Mhz and 40Ghz, including frequency hopping technologies, at greater than 50km.

• Identify technologies that can provide the commander the ability sense and visualize their use of the electro-magnetic spectrum.

• Identify emerging technologies that can provide the freedom of movement within a saturated EME by utilizing spectrum obscuration.

TCM Networks and Services and TCM EW

• Identify emerging radio technologies that can provide Army BCT and below a High Capacity (HC), Line of Sight (LOS), terrestrial backhaul network that can support TLS (Terrestrial Layer System) and Logistics network (LOGNET) requirements.

• Integrate enterprise and tactical NETOPS capabilities into a single comprehensive system that provides the user with the ability to view and manage/control within the network.

• Demonstrate Identify and Credential Access Management (ICAM) capabilities that create trusted digital identity representations of Personal (PEs) and Non Personal Entities (NPEs).

• Demonstrate emerging Information Dissemination Management Content Staging (IDMCS) capabilities that ensure the correctly prioritized information is provided at the required time and to the required location by the appropriate individual.

TCM Tactical Radios • Identity LEO and MEO satellite capabilities that can support Army Integrated Tactical Network (ITN) Capability Set 23 and/or Assured -

Positioning, Navigation, and Timing requirements.• Assess Advanced Networking Waveforms (ANWf) and Dynamic Spectrum Allocation technologies• Identify technologies for Assured Voice Communications leveraging FH3/CT2

TCM Cyber (Offensive Cyber Operations)

• Provide a tailorable survey platform of the electromagnetic spectrum with a focus on 802.11, cellular and Bluetooth.

• Identify capabilities that can deny, degrade, disrupt, destroy and manipulate secure networks, devices and applications through RF enabled delivery methods.

TCM Cyber Defensive Cyber Operations)

• Identify capabilities that allow the dynamic reshaping of cyberspace based on mission and threat to include obfuscation, deception, and evasion

• Assess technologies that have autonomous active cyber defense.


UNCLASSIFIED

Timeline

Broad Agency Announcement published – NLT 9 Aug 2019Cyber Quest Industry Day – *23 Aug 2019 Deadline for White Paper submissions: 13 Sep 19 Initial Technology Selection (based on White Papers): 23 Sep 19Technology Demonstrations (Fort Gordon): *14 - 18 Oct 19Vendor notifications: 29 Oct 19 Initial Planning Meeting/Coordinated Working Group #1: (19 – 22 Nov 19) Initial Planning Meeting/Coordinated Working Group #2: TBD (25 – 28 Feb 20) Initial Planning Meeting/Coordinated Working Group #3: TBD (21 – 24 Apr 20)Technology Integration Phase Start: 16 Mar 20Cyber Quest Execution: 25 May – 19 Jun 20

* Note: this date may change due to AUSA meeting, 14 – 16 OCT 2019.


UNCLASSIFIED

Submission Requirements

• Vendors may respond to one or more areas listed in the BAA in the form of a whitepaper and quad chart.

• One whitepaper and quad chart must be submitted for each experiment objective addressed.

• Whitepapers must be 5 pages in length, excluding the cover page. They should be single-sided, single spaced, utilize one (1) inch margins and Times New Roman 12 pitch font.

• Clearly state what objective you are responding to and explain how your technology addresses it.

• Cleary state any ITAR restrictions or security classification requirements.


UNCLASSIFIED

Product Name

Technology Sponsor

Technical Description

Operational Description

What does it do? How does it help the soldier?

This information was approved for publishing per the ITAR as “basic marketing information of defense articles” or per the EAR as “advertising printed matter”.

VENDOR POC, contact information, and Address

Picture/OV-1

Vendor LOGO


UNCLASSIFIED

TCM Cyber Capability Areas of

Interest



UNCLASSIFIED

8** Representative- Not ALL Inclusive

Depiction, perception, and understanding of cyberspace- Enables delivery of effects in support of operations

Fidelity of Information Correlation of Information- Situational Understanding

OperatorInformation Requirements

Health and Status

Network Configuration

Network Topology

Re

d C

ybe

r

Individual Staff

Sections

S6 Network Health and

Status

Network Configuration

EWO (EWPMT)

EW Assets

Frequency Allocation

S2/G2 (DCGS-A)

Network Topology

Organizational Information Requirements

Cyber SUAnalytics

Signal Cyber Data

EW Cyber Data

Intelligence Cyber Data

Commander’s Integrated COP

• Provides a virtual depiction of the

Commander’s battlespace

• Displays operational impact of

CEMA for the Commander

• Correlates traditionally stovepiped

information; enriching data and

information into knowledge and

understanding in near real time

• Expedites the incorporation of

CEMA throughout all phases of an

operation

• Synchronizes capabilities across

domains and warfighting functions

and maximizes complementary

effects in and through cyberspace

and the EMS

Operations

Cyber ROE

Mis

sio

n C

MD

COA Analysis

Cyber ROE

COA Analysis

S3 (MC)

Network Configurations

Red Forces

Network Topology

Red Cyber Forces

Cyber Personas

TrendsAlerts

Cyberspace/CEMA

Operations

Cyberspace/CEMA Running

Estimate

Network AwarenessAsset IdentificationVulnerability ManagementIncident ManagementAuthorized Service Interruptions

Threat AwarenessAdversary Disposition/ ActionsInsider ThreatSocial Media

Mission AwarenessOperational AssessmentCyber Forces StatusCyberspace Mission Impacts on

Current Operations

Mission Command Cyber Data

Social Layer Data

CEMA Working Group

CC

IRs

Cyber SU Supporting Army CEMA Cyberspace SU

Cyberspace/CEMA Overlay

(COP)

Cyb

er

OP

SSo

cial

La

yer

EMS

Act

ivit

ies

EMS Emitters

Frequency Allocation

EW Assets

Blu

e

Ne

two

rk

Network Survivability

Key Terrain in Cyberspace

Cyberspace Defense CWSB / CPTs

Network Survivability

Cyberspace Defense

Mission Protection

Planning Execution

Tailored Information Relevant to the Current Mission & CDR’s Critical Information Requirements (Situational Understanding)

Cyberspace Situational Understanding


UNCLASSIFIED

Experiment Objective #1 (Cyber SU) – TCM Cyber

• Identify technologies that will enhance Commander and Staff Cyber Situational Understanding, through the graphical depiction of three layers of cyberspace (physical, logical, and persona). The Graphical User Interface should provide the following views during near-real-time Multi-Domain Operations (MDO): “see YOURSELF”, “see Your BATTLESPACE”, and “Understand the BATTLESPACE”.

• Identify pre-defined and user defined analytic algorithms capable of depicting mission impact based on correlation of multiple data sets (e.g., net flows, packet capture, vulnerability data, alerts, etc.) and variables (e.g., key terrain – cyber, threat vector, warfighting functions, system dependencies, etc.).

• Identify technologies capable of assessing overall mission risk and cyber defensive posture by correlating inputs from multiple network sources, to include, key terrain - cyber, STIGs, system vulnerabilities, risk mitigations, etc.

• Identify and integrate technologies capable of displaying and sharing user defined and mission relevant social media trends.

• Identify available technologies capable of immediately integrating with emerging CPCE and other programs of record to make the Commander more mobile, agile and lethal.

Cyberspace Situational Understanding


UNCLASSIFIED

Offensive Cyberspace Operations

FM 3-12 - Cyberspace Actions:Cyberspace ISR/OPE

• Survey Electromagnetic Spectrum (EMS) – Identify Targets

• network mapping and enumeration

Cyberspace Attack• Rapid packaging of

lightweight cyberspace effects.

• Radio Frequency (RF) enabled non-kinetic effects

Operator Efficiency• Methods to reduce cyber

operator cognitive load/error

Pursuit of Advanced Cyberspace Capabilities to Support Unified Land Operations


UNCLASSIFIED

Experiment Objective #2 (Offensive Operations) – TCM Cyber

• Identify emerging cyberspace technologies and procedures that will provide the commander RF enabled non-kinetic effects in support of offensive operations.

• Integrate new and existing cyberspace technologies and procedures to prosecute and exploit advanced waveforms and emerging wireless and IoT protocols.

• Integrate new and existing cyberspace technologies and procedures that provide support to mission planning, rehearsal, and execution of Offensive Cyberspace Operations.

Offensive Cyberspace Operations


UNCLASSIFIED

• Provide cyber-deception capabilities that

could be employed to provide early

warning, false information, confuse, delay,

or otherwise impede cyber attackers to the

benefit of friendly forces.

• Threat and mission driven response

• Cyber stealth technology

• Signature masking and reduction

• Environment obfuscation and

randomization

• Return to a known trusted state while

operating

Defensive Cyberspace Operations

Dynamic reconfiguration to obfuscate

Decoy/Early Warning

Cyberspace Deception


UNCLASSIFIED

13

Experiment Objective # 3 (Defensive Operations) – TCM Cyber

• Identify cyber deception capabilities that incorporate automated threat and/or mission driven response activities.

• The cyber deception capability leverages stealth technologies to support signature masking and/or reduction.

• The deception capability supports randomization of infrastructure, systems, and supporting variables to confuse or redirect the adversary.

• Lastly, the cyber deception capability allows for the normalization of the environment post automated threat deception activity.

• Assess technologies that have autonomous active cyber defense.

Defensive Cyberspace Operations


UNCLASSIFIED

QUESTIONS?

Roy SnodgrassTCM-Cyber

Cyber CoE, Fort Gordon, GA 706.791.0787

[email protected]

mailto:[email protected]


UNCLASSIFIED

TCM Electronic Warfare (EW)

Capability Areas of Interest



UNCLASSIFIED

TCM Networks and Services (N&S)

Capability Areas of Interest



UNCLASSIFIED

17

Objectives

• Identify emerging radio technologies that can provide Army tactical units a High Capacity (HC), Line of Sight (LOS), terrestrial backhaul network that can support TLS (Terrestrial Layer System) and Logistics network (LOGNET) requirements.

• Demonstrate Identify and Credential Access Management (ICAM) capabilities that create trusted digital identity representations of Personal (PEs) and Non Personal Entities (NPEs).

• Model, simulate, and visually display the current and planned network.

• Provide the capability to leverage threat-based analytics, artificial intelligence/machine learning to dynamically and/or automatically manage and control large numbers of network devices


UNCLASSIFIED

18

TCM Networks and Services CQ19

Challenge:

• How to best manage and integrate digital identities

Need:

• A means to securely access systems, devices, networks, applications, and services in all security enclaves

• Tools to manage account provisioning, synchronize directory services, or an association of various identities or attributes, while supporting a service against which users can authenticate using a single identity

Vendor solution:

• A fully automated Identity and Access management platform that is simple and intuitive to use

Results:

• Soldiers stated that the was simple and intuitive to use and provided more automated control and better Access Management

• Reports and query capabilities enabled easier and quicker internal reporting

Challenge:

• There are more demands on the tactical networks than there are network resources to support the demand

• The enemy will make every effort to deny our abilities to use our networks

Need:

• Ensure the most critical data is delivered to the right place at the right time

• Control data transfers in accordance with priorities

Results:

• Assured Messaging/Delivery during limited and disconnected networks conditions by queuing/spooling and using a store and forward capability

• Data Prioritization (by type of data) even when there is more overall data than the network can handle

• Publish and Subscribe capability can optimize network performance

• Link Prioritization across a single WAN link

Identity Credential and Access Management

Information Dissemination Management/Content Staging


UNCLASSIFIED

19

Identity Credential and Access Management

Current Capability

• No current ICAM capability in Tactical Formations

• User Name and Password on CPOF, BCCS Systems (AFATDS, AMDEWS, TAIS, etc…)

• Persona Based Access

Gap

• How can the Army improve Defensive Cyber Operations and Cybersecurity

• How can the Army better authenticate users and devices and share information across multiple networks

Importance to the Army

• Current capability allows more probably of Insider Threat (through User Name and Password)

• No automated checks and balances to access data

• Current capability does not check credentials or have a standardized Public Key Enabled (PKE) infrastructure

• Current capability is Persona Based and not Role Based. Roll Based Access is more secure and only allows access to approved data where Persona Based has little to no access control

Way Ahead

• Multifactor Authentication

• (Who you are, what you have, what you know)

• Standardized PKE with CRL search for verify Credentials

• Role Based Access to approved data

• Implement a more simple, intuitive, and automated process


UNCLASSIFIED

20

Information Dissemination Management and Content Staging

Current Capability

• WIN-T NetOps can only prioritize data by VLAN

• No prioritization of data across network by type (WfF, video, audio, sensor, etc), source, destination, unit, role, location

• No automation of the Content Staging of critical or prioritized data

Gap

• How can the Army improve Information Dissemination Management and Content Staging


• There is more demand on the future tactical network than the current tactical network capacity can handle (more networked devices, sensors, STE, IVAS, IoT)

• Disconnected, Intermittent, Limited, - Congested, Contested (DIL-CC) network conditions exist. The enemy will work to deny our ability to use our networks

• Commanders must be able to prioritize and stage data so that critical information is delivered and available when/where needed

Way Ahead

• Refine operational requirements

• Experiment with potential solutions

• Deliver/field ICM/CS & content management solutions that meet Unified Network Operations (UNO) requirements

• Implement a more simple, intuitive, and automated process


UNCLASSIFIED

21

Protected/Resilient SATCOM Technologies

Current Capability

• SMART-T is currently the Army’s only Anti-Jam (AJ) SATCOM terminal, providing a high level of AJ protection (against peer/near peer threats) using AEHF satellites

• 3-Star MC GOSC decision to reduce #SMART-T’s by 74 in order to maintain the remaining 204 SMART-T’s fielded through approximately 2029 and beyond timeframe

Gap

• How can the Army improve network connectivity/Capacity

• How can the Army operate in an electronic protection and electronic warfare capable environment


• Enables a survivable and assured SATCOM network ready to fight in MDO now and into the future

• Provides a high level of AJ protection (against peer/near peer threats

• Adds resiliency to the network transport for operations in multi-domain environments

Way Ahead

• Near term fielding of Network Centric Waveform Resilient (NCW-R) and Protected Tactical Waveform (PTW) over WGS/Commercial satellites for limited AJ protection for Army wideband terminals

• Identify LEO and MEO satellite capabilities that can provide added resiliency to network transport

• Pursue Protected Tactical Satellite (PTS) with PTW (in Army terminals) to obtain better AJ performance & throughput than current SMART over AEHF satellites


UNCLASSIFIED

TCM Tactical Radio (TR) Capability

Areas of Interest



UNCLASSIFIED

QUESTIONS?

Documents

Cyber Quest 2020 Industry Day - AFCEA · 2019. 8. 21. · As of: 8/21/2019 8:22:17 AM UNCLASSIFIED UNCLASSIFIED Timeline Broad Agency Announcement published –NLT 9 Aug 2019 Cyber