UNCLASSIFIED As of: 8/21/2019 8:22:16 AM
Cyber Quest 2020 Industry Day
BUILDING A WORLD CLASS CYBER WORKFORCE
INDUSTRY DAY AGENDA
• Location: Room Estes B, Marriott Hotel
• Welcome/Introductions/Purpose: 0800 – 0815
• Submission requirements/Schedule: 0815 – 0830
• TCM Cyber: 0830 – 0930
• Break: 0930 – 0945
• TCM EW: 0945 – 1045
• Break: 1045 – 1100
• TCM NS: 1100 – 1200
• Lunch Break: 1200 – 1315
• TCM TR/N-CFT: 1315 – 1415
• Breakout TCM meetings: 1415 – 1515
• Closeout: 1530
Cyber Quest 20 Draft Objectives
TCM Cyber (Situational Understanding)
• Identify technologies that will enhance the commander's Cyber SU during Multi Domain Operations (MDO).
• Identify technologies capable of assessing overall mission risk and Cyber defensive posture.
• Identify and integrate technologies capable of displaying and sharing user defined and mission relevant social media trends.
• Identify technologies capable of immediately integrating with emerging CPCE and other programs of record.
TCM Electronic Warfare
• Identify EW support (ES) technologies that detect signals between 2 MHz and 40 GHz, including frequency hopping technologies, at greater than 50 km.
• Identify technologies that can provide the commander the ability to sense and visualize their use of the electromagnetic spectrum.
• Identify emerging technologies that can provide the freedom of movement within a saturated EME by utilizing spectrum obscuration.
TCM Networks and Services and TCM EW
• Identify emerging radio technologies that can provide Army BCT and below a High Capacity (HC), Line of Sight (LOS), terrestrial backhaul network that can support TLS (Terrestrial Layer System) and Logistics network (LOGNET) requirements.
• Integrate enterprise and tactical NETOPS capabilities into a single comprehensive system that provides the user with the ability to view and manage/control within the network.
• Demonstrate Identity Credential and Access Management (ICAM) capabilities that create trusted digital identity representations of Personal (PEs) and Non Personal Entities (NPEs).
• Demonstrate emerging Information Dissemination Management Content Staging (IDMCS) capabilities that ensure the correctly prioritized information is provided at the required time and to the required location by the appropriate individual.
TCM Tactical Radios
• Identify LEO and MEO satellite capabilities that can support Army Integrated Tactical Network (ITN) Capability Set 23 and/or Assured Positioning, Navigation, and Timing requirements.
• Assess Advanced Networking Waveforms (ANWf) and Dynamic Spectrum Allocation technologies.
• Identify technologies for Assured Voice Communications leveraging FH3/CT2.
TCM Cyber (Offensive Cyber Operations)
• Provide a tailorable survey platform of the electromagnetic spectrum with a focus on 802.11, cellular and Bluetooth.
• Identify capabilities that can deny, degrade, disrupt, destroy and manipulate secure networks, devices and applications through RF enabled delivery methods.
TCM Cyber (Defensive Cyber Operations)
• Identify capabilities that allow the dynamic reshaping of cyberspace based on mission and threat to include obfuscation, deception, and evasion
• Assess technologies that have autonomous active cyber defense.
Timeline
• Broad Agency Announcement published – NLT 9 Aug 2019
• Cyber Quest Industry Day – *23 Aug 2019
• Deadline for White Paper submissions: 13 Sep 19
• Initial Technology Selection (based on White Papers): 23 Sep 19
• Technology Demonstrations (Fort Gordon): *14 – 18 Oct 19
• Vendor notifications: 29 Oct 19
• Initial Planning Meeting/Coordinated Working Group #1: (19 – 22 Nov 19)
• Initial Planning Meeting/Coordinated Working Group #2: TBD (25 – 28 Feb 20)
• Initial Planning Meeting/Coordinated Working Group #3: TBD (21 – 24 Apr 20)
• Technology Integration Phase Start: 16 Mar 20
• Cyber Quest Execution: 25 May – 19 Jun 20
* Note: this date may change due to AUSA meeting, 14 – 16 OCT 2019.
Submission Requirements
• Vendors may respond to one or more areas listed in the BAA in the form of a whitepaper and quad chart.
• One whitepaper and quad chart must be submitted for each experiment objective addressed.
• Whitepapers must be 5 pages in length, excluding the cover page. They should be single-sided, single spaced, utilize one (1) inch margins and Times New Roman 12 pitch font.
• Clearly state what objective you are responding to and explain how your technology addresses it.
• Clearly state any ITAR restrictions or security classification requirements.
Product Name
Technology Sponsor
Technical Description
Operational Description
What does it do? How does it help the soldier?
This information was approved for publishing per the ITAR as “basic marketing information of defense articles” or per the EAR as “advertising printed matter”.
VENDOR POC, contact information, and Address
Picture/OV-1
Vendor LOGO
TCM Cyber Capability Areas of Interest
Cyberspace Situational Understanding
Cyber SU Supporting Army CEMA (** Representative - Not ALL Inclusive)
Depiction, perception, and understanding of cyberspace - Enables delivery of effects in support of operations
Fidelity of Information, Correlation of Information - Situational Understanding
Tailored Information Relevant to the Current Mission & CDR’s Critical Information Requirements (Situational Understanding)
[Figure: Cyber SU diagram. Panel labels: Operator Information Requirements; Organizational Information Requirements; Individual Staff Sections (S6, EWO (EWPMT), S2/G2 (DCGS-A), S3 (MC)); CEMA Working Group; Cyber SU Analytics; Cyberspace/CEMA Overlay (COP); Cyberspace/CEMA Running Estimate; Cyberspace/CEMA Operations; CCIRs; Planning; Execution. Layer labels: Blue Network, Red Cyber, Social Layer, EMS Activities, Mission CMD, Cyber OPS. Data labels: Signal Cyber Data, EW Cyber Data, Intelligence Cyber Data, Mission Command Cyber Data, Social Layer Data. Other labels: Health and Status, Network Configuration, Network Topology, EW Assets, Frequency Allocation, EMS Emitters, Red Forces, Red Cyber Forces, Cyber Personas, Trends, Alerts, Cyber ROE, COA Analysis, Network Survivability, Key Terrain in Cyberspace, Cyberspace Defense, CWSB / CPTs, Mission Protection.]
Commander’s Integrated COP
• Provides a virtual depiction of the Commander’s battlespace
• Displays operational impact of CEMA for the Commander
• Correlates traditionally stovepiped information; enriching data and information into knowledge and understanding in near real time
• Expedites the incorporation of CEMA throughout all phases of an operation
• Synchronizes capabilities across domains and warfighting functions and maximizes complementary effects in and through cyberspace and the EMS
Network Awareness
• Asset Identification
• Vulnerability Management
• Incident Management
• Authorized Service Interruptions
Threat Awareness
• Adversary Disposition/Actions
• Insider Threat
• Social Media
Mission Awareness
• Operational Assessment
• Cyber Forces Status
• Cyberspace Mission Impacts on Current Operations
Experiment Objective #1 (Cyber SU) – TCM Cyber
• Identify technologies that will enhance Commander and Staff Cyber Situational Understanding, through the graphical depiction of three layers of cyberspace (physical, logical, and persona). The Graphical User Interface should provide the following views during near-real-time Multi-Domain Operations (MDO): “see YOURSELF”, “see Your BATTLESPACE”, and “Understand the BATTLESPACE”.
• Identify pre-defined and user defined analytic algorithms capable of depicting mission impact based on correlation of multiple data sets (e.g., net flows, packet capture, vulnerability data, alerts, etc.) and variables (e.g., key terrain – cyber, threat vector, warfighting functions, system dependencies, etc.).
• Identify technologies capable of assessing overall mission risk and cyber defensive posture by correlating inputs from multiple network sources, to include, key terrain - cyber, STIGs, system vulnerabilities, risk mitigations, etc.
• Identify and integrate technologies capable of displaying and sharing user defined and mission relevant social media trends.
• Identify available technologies capable of immediately integrating with emerging CPCE and other programs of record to make the Commander more mobile, agile and lethal.
Offensive Cyberspace Operations
FM 3-12 - Cyberspace Actions:
Cyberspace ISR/OPE
• Survey Electromagnetic Spectrum (EMS) – Identify Targets
• Network mapping and enumeration
Cyberspace Attack
• Rapid packaging of lightweight cyberspace effects
• Radio Frequency (RF) enabled non-kinetic effects
Operator Efficiency
• Methods to reduce cyber operator cognitive load/error
Pursuit of Advanced Cyberspace Capabilities to Support Unified Land Operations
Experiment Objective #2 (Offensive Operations) – TCM Cyber
• Identify emerging cyberspace technologies and procedures that will provide the commander RF enabled non-kinetic effects in support of offensive operations.
• Integrate new and existing cyberspace technologies and procedures to prosecute and exploit advanced waveforms and emerging wireless and IoT protocols.
• Integrate new and existing cyberspace technologies and procedures that provide support to mission planning, rehearsal, and execution of Offensive Cyberspace Operations.
Defensive Cyberspace Operations
• Provide cyber-deception capabilities that could be employed to provide early warning, false information, confuse, delay, or otherwise impede cyber attackers to the benefit of friendly forces.
• Threat and mission driven response
• Cyber stealth technology
• Signature masking and reduction
• Environment obfuscation and randomization
• Return to a known trusted state while operating
[Figure labels: Dynamic reconfiguration to obfuscate; Decoy/Early Warning; Cyberspace Deception]
Experiment Objective # 3 (Defensive Operations) – TCM Cyber
• Identify cyber deception capabilities that incorporate automated threat and/or mission driven response activities.
• The cyber deception capability leverages stealth technologies to support signature masking and/or reduction.
• The deception capability supports randomization of infrastructure, systems, and supporting variables to confuse or redirect the adversary.
• Lastly, the cyber deception capability allows for the normalization of the environment post automated threat deception activity.
• Assess technologies that have autonomous active cyber defense.
QUESTIONS?
Roy Snodgrass, TCM-Cyber
Cyber CoE, Fort Gordon, GA 706.791.0787
TCM Electronic Warfare (EW) Capability Areas of Interest
TCM Networks and Services (N&S) Capability Areas of Interest
Objectives
• Identify emerging radio technologies that can provide Army tactical units a High Capacity (HC), Line of Sight (LOS), terrestrial backhaul network that can support TLS (Terrestrial Layer System) and Logistics network (LOGNET) requirements.
• Demonstrate Identity Credential and Access Management (ICAM) capabilities that create trusted digital identity representations of Personal (PEs) and Non Personal Entities (NPEs).
• Model, simulate, and visually display the current and planned network.
• Provide the capability to leverage threat-based analytics, artificial intelligence/machine learning to dynamically and/or automatically manage and control large numbers of network devices
TCM Networks and Services CQ19
Identity Credential and Access Management
Challenge:
• How to best manage and integrate digital identities
Need:
• A means to securely access systems, devices, networks, applications, and services in all security enclaves
• Tools to manage account provisioning, synchronize directory services, or an association of various identities or attributes, while supporting a service against which users can authenticate using a single identity
Vendor solution:
• A fully automated Identity and Access management platform that is simple and intuitive to use
Results:
• Soldiers stated that the was simple and intuitive to use and provided more automated control and better Access Management
• Reports and query capabilities enabled easier and quicker internal reporting
Information Dissemination Management/Content Staging
Challenge:
• There are more demands on the tactical networks than there are network resources to support the demand
• The enemy will make every effort to deny our abilities to use our networks
Need:
• Ensure the most critical data is delivered to the right place at the right time
• Control data transfers in accordance with priorities
Results:
• Assured Messaging/Delivery during limited and disconnected network conditions by queuing/spooling and using a store and forward capability
• Data Prioritization (by type of data) even when there is more overall data than the network can handle
• Publish and Subscribe capability can optimize network performance
• Link Prioritization across a single WAN link
Identity Credential and Access Management
Current Capability
• No current ICAM capability in Tactical Formations
• User Name and Password on CPOF, BCCS Systems (AFATDS, AMDEWS, TAIS, etc…)
• Persona Based Access
Gap
• How can the Army improve Defensive Cyber Operations and Cybersecurity
• How can the Army better authenticate users and devices and share information across multiple networks
Importance to the Army
• Current capability allows a higher probability of Insider Threat (through User Name and Password)
• No automated checks and balances to access data
• Current capability does not check credentials or have a standardized Public Key Enabled (PKE) infrastructure
• Current capability is Persona Based and not Role Based. Role Based Access is more secure and only allows access to approved data, whereas Persona Based has little to no access control
Way Ahead
• Multifactor Authentication
• (Who you are, what you have, what you know)
• Standardized PKE with CRL search to verify credentials
• Role Based Access to approved data
• Implement a more simple, intuitive, and automated process
Information Dissemination Management and Content Staging
Current Capability
• WIN-T NetOps can only prioritize data by VLAN
• No prioritization of data across network by type (WfF, video, audio, sensor, etc), source, destination, unit, role, location
• No automation of the Content Staging of critical or prioritized data
Gap
• How can the Army improve Information Dissemination Management and Content Staging
Importance to the Army
• There is more demand on the future tactical network than the current tactical network capacity can handle (more networked devices, sensors, STE, IVAS, IoT)
• Disconnected, Intermittent, Limited - Congested, Contested (DIL-CC) network conditions exist. The enemy will work to deny our ability to use our networks
• Commanders must be able to prioritize and stage data so that critical information is delivered and available when/where needed
Way Ahead
• Refine operational requirements
• Experiment with potential solutions
• Deliver/field ICM/CS & content management solutions that meet Unified Network Operations (UNO) requirements
• Implement a more simple, intuitive, and automated process
Protected/Resilient SATCOM Technologies
Current Capability
• SMART-T is currently the Army’s only Anti-Jam (AJ) SATCOM terminal, providing a high level of AJ protection (against peer/near peer threats) using AEHF satellites
• 3-Star MC GOSC decision to reduce the number of SMART-Ts by 74 in order to maintain the remaining 204 SMART-Ts fielded through approximately the 2029 and beyond timeframe
Gap
• How can the Army improve network connectivity/Capacity
• How can the Army operate in an electronic protection and electronic warfare capable environment
Importance to the Army
• Enables a survivable and assured SATCOM network ready to fight in MDO now and into the future
• Provides a high level of AJ protection (against peer/near peer threats)
• Adds resiliency to the network transport for operations in multi-domain environments
Way Ahead
• Near term fielding of Network Centric Waveform Resilient (NCW-R) and Protected Tactical Waveform (PTW) over WGS/Commercial satellites for limited AJ protection for Army wideband terminals
• Identify LEO and MEO satellite capabilities that can provide added resiliency to network transport
• Pursue Protected Tactical Satellite (PTS) with PTW (in Army terminals) to obtain better AJ performance & throughput than current SMART over AEHF satellites
TCM Tactical Radio (TR) Capability Areas of Interest
QUESTIONS?