Cyber Challenges in a Hierarchical Culture

System Architectures Laboratory

Apr 8, 2023 1

Cyber Challengesin a

Hierarchical Society

Military Open Source SoftwareWorkshop Two

Lt Gen Robert Elder, USAF (Retired)Research Professor

August 3, 2010

System Architectures LaboratoryApr 8, 2023 2

Overview

Cyberspace as a global domain

Military Cyber Operations

Mission Assurance (Resilience)

Civilian Cyber Operations

Cyber Deterrence

Issues and Opportunities


ATTRIBUTESAnonymityAlter Egos

Time & DistanceVirtual PresenceInfo Commodity

Smart Agents

Cyberspace Importance

Apr 8, 2023 3

Infrastructure

Political

EconomicMilitary

InformationSocial


Cyberspace Domain Elements

Apr 8, 2023 4

Infrastructure

Electrom

agnetic

Environm

entElectronics

PhysicalNetwork

Modify, store,

exchange data

Encapsulation

System

Code

DataLogical (Virtual) Network

Cyberspace is a domain with characteristics comparable to the air, space, and maritime domains.

Produce or use data

Perceptio

ns Knowledge

User Relationships

USER(Social)Network

Share information & knowledgeMake & implement decisions


Cyberspace Functional Areas

Warfightin

g

& Commerce

Cyber domain importance is increasing

Cyber

Ops

Establish the Domain- Form Cyber Networks- Secure Cyber Networks

Defend the Domain- Passive Defense- Active Defense

Use the Domain- Legacy Augmentation- Cross-domain Operations- Participatory Services


Key Cyber Functional Elements

Data CollectionKnowledge Creation(Info Management)

Network OpsNetwork Security

(Communications)

Force EnhancementIntegrated X-domain Ops

Ops SupportMission Assurance

(Operations)

Actions in & through Cyberspace


Cyber Organizational Model

Hierarchical Model Cyber Model

Apr 8, 2023 7

Hierarchy Level ---- Power ---- ConnectionsHierarchy Level ---- Value ----- Contribution


PMESII in a Hierarchical World

Apr 8, 2023 8

Infrastructure

Political

Economic

Military

Information

Social

Diplomatic

Military

Information

Economic

Non-gov’t


PMESII in a Cyber World

Apr 8, 2023 9

Infrastructure

Political

Economic

Military

Information

Social

Diplomatic

Military

Information

Economic

Non-gov’t

Cyber/Social Networks


National Military Strategyfor Cyberspace Ops (NMS-CO)

Ways: Information Operations Network Operations Kinetic Actions Law Enforcement Counterintelligence

Enablers: Science & Technology Partnering Intelligence Support Law and policy Trained personnel

Joint Capability Areas: Battlespace Awareness

Force Generation

Command and Control

Information Operations

Net-centric Operations

Global Deterrence

Homeland Defense

Interagency Integration

Non-governmental organization coordination


Integrate cyber to achieve functional & theater effects: COCOMs

Tactical cyber integration: Service Components

Defend DoD GIG: STRATCOM (CYBERCOM)

Deter cyber weapons of mass effect: STRATCOM

Integrate cyber to achieve global effects: STRATCOM

Homeland Defense: NORTHCOM

Defense Support to Civil Authorities (DSCA): NORTHCOM

Defense Industrial Base Protection (HSPD 7): Services

Clandestine Cyber Ops: Intel Community (IC)

Intelligence collection, processing, and sharing: IC

Cyber Domain Military Missions

Apr 8, 2023 11


Military Cyberspace Activities

Network Ops Activities Comm Infrastructure Network Maintenance Network Security Network Defense (CND) Network Attack (CNA) Intel Processes (CNE) Self Defense (User) Defensive Influence Ops Packet Interdiction DSCA (civil authorities) HSPD 7 Support to DIB Ops Support (Log/Admin)

Integrated Cyber Ops Activities Infrastructure Protection EM defense measures Infrastructure Attack Offensive Influence Ops Electronic Attack Network Defense (Active) Kinetic/non-Kinetic integration Global/Theater Integration Force Enhancement (C2) EW Support (Cyber-OPE) Deter/Dissuade Ops Mission Assurance

Apr 8, 2023 12


Foundation: Network Operations

Global Expeditionary Cyber Ops - Physical Networks- Wireless Networks- Logical Networks

Establish “User” Networks- Data/Voice/VTC- Command & Control

Physical Network Security

Logical Network Security

Fly - Fight - Win

Establish, maintain, and secure the cyber domain


Degraded Cyberspace

Observe

AirSpaceLandSea

Cognitive “Space”

Sensors DataIntegration

OpsIntegration

Effects(Integrated Actions)

InfluenceOps

Conventional Ops

Intelligence

Application:Integrated Joint Operations

Logistics

Cyber

Orient

DecideAct

Situational Awareness

Linked Air Ops CentersEffects-based Operations


Cyber Attack

Observe

AirSpaceLandSea

Cognitive “Space”

DisruptSensors

Alter orInterdict Data

ImpairCollaboration

DegradeAction Integration

InfluenceOps

Conventional Ops

Intelligence

Logistics

Cyber

Orient

DecideAct

DenyCmd & Ctrl


2007 Air Force Cyber Study

Cyber will continue to be a contested environment.

The infrastructure on which the Air Force depends is controlled by both military and commercial entities and is vulnerable to attacks and manipulation.

Operations in the cyber domain have the ability to impact operations in other war-fighting domains.

Air Force must maintain capability to operate when the processing of vital information is challenged.

Nation must defend against data manipulation and denial of service; it’s not just an issue of data theft


Operationsin Contested Cyberspace

Apr 8, 2023 17

Human Organization

Mission Layer

App/Session Layer

OS/Network Layer

HW/Systems Layer

Devices & Linkages

DisinformationConfusionC2 DisruptionAlter Behaviors

InaccuraciesInduced FailuresDenial of ServiceData Exfiltration

MalfunctionsPerformance lossLost Comms

ATTACKS TARGETS EFFECTS

Insider Attacks;Social engineering

Data and policyCorruption

Worms, virusesFlooding

Backdoor Implants

Physical Destruction

Code ManipulationMalware

2008 Air Force Cyber Study:


PhysicalNetworks

PhysicalNetworks

Defend the Cyber Domain

Electronics (& Infrastructure)

Elec

trom

agne

tic S

pect

rum

Digital D

ata

Cyber Use

Force Protection

Elect

roni

c

Prote

ctio

nD

ata/Code

Protection

InfluenceProtection

Physical Attack(includes Directed Energy)

DigitalAttack

ElectromagneticSpectrumAttack

Influence Attack

LogicalNetworks

WirelessNetworks

Cyber Effects:• Denial of Service• Confidential Data Loss • Data Manipulation• System Integrity Loss

Social Networks


Major Cyberspace Players

Defense

Law Enforcement

Intelligence Community

Homeland Security

Counterintelligence

Military

Industry Consortiums

Regulatory Agencies

Commercial Providers

Potential Adversaries

Organized Crime

International Terrorists

Domestic Terrorists

Nation-State Intelligence

Nation-State Military

Industrial Intelligence

Cyber “Vandals”

Apr 8, 2023 19


Mission Assurance (Resilience)

Apr 8, 2023 20

Infrastructure

Electrom

agnetic

Environm

entElectronics

PhysicalNetwork

Encapsulation

System

Code

DataLogical (Virtual) Network

Perceptio

ns Knowledge

User Relationships

USER(Social)Network

InformationAssurance(NETOPS)

MissionAssurance

(Net-enabled Ops)“Fight Through

the Attack”

Infrastructure ProtectionElectronic Protection

(Physical Security)


Resiliency Study—C3 View

UAS Ctrl

AOC

ASOC

FusionCenter

SensorData

SensorData (in)

IntelInfo (out)

IntelInfo

Intel InfoCmd Input

GndStation

Cmd Out(Gnd Cdr)

Control (in)Data (out)

Cmd Out(Air Cdr)

Control (out)Sensor (in)

Sensor(Out)

CoordAOC/ASOC

CoordAOC/ASOC

Coord

AOC-UAS Terrestrial

Sensors

UAS: Unmanned Aerial SystemAOC: Air Operations CenterASOC: Air Support Operations Center

Target


Resiliency Study—Ops View

UAS Ctrl ASOC

FusionCenter

GndStation

AOC

SensorData

Sensors

Intel Info

SensorData (in)

IntelInfo (out)

Control (out)Sensor (in)

Sensor(Out)

Coord

Control (in)Data (out)

AOC/ASOCCoord

AOC-UAS Terrestrial

Black dotted lines denote operational connections

UAS: Unmanned Aerial SystemAOC: Air Operations CenterASOC: Air Support Operations Center

Target


The National Strategy to Secure Cyberspace (DHS lead)

Establish a public-private architecture for national response Provide for the development of tactical and strategic analysis of

cyber attacks and vulnerability assessments Encourage the development of a private sector capability to

share a synoptic view of the health of cyberspace Expand the Cyber Warning and Information Network to support

DHS cyberspace crisis management Improve national incident management Coordinate voluntary participation in national

public-private continuity and contingency plans Exercise cyber security continuity plans for federal systems Improve and enhance public-private information sharing

involving cyber attacks, threats, and vulnerabilities


Use Domain: Civilian Cyberspace

Establish Networks -- TELECOMs Maintain Networks (Security) – Information Officers Defend Networks (Business) – Associations? Business Ops Assurance – COO function? Ops through Cyber – Business Enhancement Ops through Cyber – Marketing/Sales Ops through Cyber – Knowledge Management Ops in Cyber – Virtual Travel Ops in Cyber – Virtual Presence Ops in Cyber – Producer/Consumer Dialogue

Apr 8, 2023 24


Value Chain in a Hierarchical World

Apr 8, 2023 25

Ou

tbo

un

dL

og

isti

cs

Inb

ou

nd

Lo

gis

tics

Op

erat

ion

s

Mar

keti

ng

& S

ales

Ser

vice

Procurement

Technology

Human Resources

Infrastructure

Marg

in

Primary Activities

Su

pp

ort

Act

ivit

ies

Porter, 1985


Value Chain in a Cyber World

OPPORTUNITIES Shopper Dialogue Information

Sharing Synchronized

Production Integrated

Logistics Sustainability Company Cyber

Culture

Apr 8, 2023 26

Consumer isa Partner

Quality isa commodity

OpenNetworkrules

ConsumerBehavior

Prod

uct

Flow

Information

Flow

FutureValueChain

GCI Initiative, 2008


United States Cyber Defense

Cyberspace Typology Private/Open Commercial Regulated Commercial Government (.gov) Military (Admin) Military (Ops) First Responders Economic Security Public Safety WMD/E Defense/I&W

Apr 8, 2023 27

Glo

bal

In

form

atio

n G

rid

and

DO

D N

etw

ork

sU

S G

ove

rnm

ent

Cyb

ersp

ace

US

In

tere

sts

in C

yber

spac

e OtherCyberspace

&Associated

CyberInfrastructure


Deterrence

Apr 8, 2023 28

Impose Cost

Messaging

ExplainActions

Encourage Restraint

Deny Benefits

ForcePosturing

DemonstrateReadiness

VisibleActivities

DemonstrateCapabilities

(Attack Attribution)

(Mission Assurance)

(Identify Actions & Behaviors to Deter)

Cyber

Cyber Deterrence Operations


Cyber Deterrence Building Blocks

Apr 8, 2023 29

Network and User Security

“Lock Doors”

UnderstandCritical Infrastructure

Vulnerabilities

Critical InfrastructureProtection

Internet ConnectionNorms & Protocols

International Regimesfor national cyber activity oversight

Law EnforcementActivities

Military OpsActivities

Non-military Government

Activities (DImE)

Visible, credible deterrence activities


Issues and Opportunities

Issues Increased cyber dependence

Supply chain vulnerabilities

Infrastructure vulnerabilities

Electronics vulnerabilities

Sensor disruption & spoofing

Increased wireless use

More complex attack vectors

Growth in cyber crime

Encryption vulnerabilities

Opportunities Mission Assurance

Attack Attribution

Voluntary LE Enabling Tools

Smart Network Nodes

Sensory Augmentation

Virtual Office & Social Spaces

Knowledge Mgmt Services

Artificial Intelligence Apps

Interactive Smart Agents


Support the “Smart User”

User Behavior Analysis (User Recognition) Application Wrapping & Monitoring (Adaptive Filters) Centralized Systems Configuration Management Software Diversity (for critical systems) Database Clustering (Enterprise Service Units) Application Clustering (Area Processing Centers) Application Tampering Detection (Hash registration) User Self-defense Tools (“Cyber Sidearm”) Packet Assurance Checking (“Packet Escort”) Application/System Hardening ("Cyber Body Armor")


Challenge: Hierarchical Thinking

Hierarchical Model Cyber Model

Apr 8, 2023 32

Hierarchy Level ---- Power ---- ConnectionsHierarchy Level ---- Value ----- Contribution