Transcript CYBER DOMAIN Situational Awareness
CYBER DOMAIN Situational Awareness
AFCEA, San Antonio, TX 7 June 2011
Robert J. Carey
DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DoD DEPUTY CHIEF INFORMATION OFFICER (703) 614-7323 [email protected]
Areas for Today’s Discussion
•
DoD Cyber Landscape/Situation
•
DoD Cyber Strategy
•
DoD CIO – CYBERCOM Relationship
•
Cyber Intelligence
•
Challenge of Situational Awareness
•
Initiatives
•
The Way Ahead
2
DoD Network Landscape
IT Systems
•
~10,000 Operational systems (20% mission critical)
•
>772 Data Centers
•
~67,000Servers
•
~7+ million computers and IT devices
•
~15,000 networks
•
Thousands of email servers, firewalls, proxy servers, etc.
Total IT Budget
•
>$ 38 Billion in FY12
o
>$16 Billion in IT Infrastructure
o
>$2 Billion for Cyber Security Defense Industrial Base
• •
36 DIB partners 2650 Cleared Def Contractors
•
Thousands of business partners DoD IT User Base
•
1.4 million active duty
•
750,000 civilian personnel
•
1.1 million National Guard and Reserve
•
5.5+ million family members and military retirees
• • •
146 + countries 6,000 + locations 600,000 + buildings and structures Problem
• Decentralized planning, standards, and operations over the years • Rapidly evolving technology
Has Resulted In
• Increased Cyber vulnerabilities • Impediments to joint operations • Large cumulative costs • Inability to fully capitalize on information technology 3
Our Challenge
The warfighter expects/needs access to information – from any device, anywhere, anytime
4
Situation
• • • • •
Our vast current attack surface cannot be defended well Absolute reliance upon networks to accomplish our National Security mission Our Networks are complex and expensive to defend and maintain USG and Industry largely in the same situation Defense Cyber Crime Center (DC3) and the DIB are our intelligence information sharing platforms via DIBnet
•
Partnership with Intelligence Community essential
Need Greater Connectivity, Agility, And Flexibility
5
DoD’s Cyber Strategy 5 Pillars
• Cyberspace as a domain • New defense operating concepts • Extending cyber defenses • International partners • Technology and innovation
Get In Front of the Threat
6
DoD CIO – USCYBERCOM Relationship
DoD CIO Establishes policies, processes, and standards for ensuring information delivery and authorized access.
USCYBERCOM Operates and defends DoD’s elements of cyberspace to leverage emerging technologies and to counter evolving threats.
• Policies • Processes • Standards
DoD CIO USCYBERCOM
• Operational Requirements • Emerging Threats • Effectiveness Measures
Operational Orders
DISA
DoD Components 7
Cyber Intelligence
Collection & Analysis of Data from All Sources
• • Understanding of Internet, Networks and Integration Indications and Warnings • Existing Situational Awareness Tools • • Develop new tools Internet ‘Data-Mining ’
Synthesis & Analysis of Data
• Integrate Information into ‘Actionable Decisions’ • Common Operating Picture a must
Framework for I&W and SA Sharing
• Across DOD, USG, Defense Industrial Base (DIB) a model • Mechanism for Management & De-confliction • While protecting sensitive information
USG DoD DIB
8
Cyber Intelligence
• Definitional Attributes: – Timely network activity information • Proactively managed to allow operational commanders maneuver space – Trusted network activity information • Combination of all source and organic sensor information – Actionable • Enables risk based decisions and actions – Defensive and Offensive 9
DoD IT Strategy and Roadmap Goals
Secretary of Defense Efficiencies Key Benefits
• Unity of effort • Do more with less • Reduce acquisition, procurement and sustainment cost • Improve IT cost awareness • Eliminate redundant effort and cost
Are our IT systems working for us?
Effectiveness
Improve mission effectiveness and combat power throughout the Department
Cyber Security
Improve the security of DoD networks and information from all threats
Efficiency
Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department
Key Benefits
• Unity of command • Consistent and improved user experience • Rapidly deliver new business and mission capabilities • Increase interoperability with in -place systems • Global access to needed information • Improve availability and reliability
Are we using our resources efficiently?
Key Benefits
• Unify command and control of critical networks • Detect and eliminate malicious activity • Validate access to information based on enterprise identity and user attributes
Are our IT systems secure?
Enterprise Approach Is Critical DoD IT infrastructure optimization goals
are directly tied to a CIO’s “Three Core Questions”
10
IT Infrastructure Consolidation Initial Actions
1. Data Center consolidation 2. Network Standardization / Optimization 3. Enterprise Identity Management – secure authentication to network and data – drive anonymity from networks 4. Enterprise Email – Single global directory service (Single DoD “Phone Book”) 5. Enterprise Hardware/Software Contracts & Procurement Leverage Department’s buying power
Reduce footprint, simplify architecture, increase our ability to defend
11
Network Optimization
12
Enterprise-Wide CND Initiatives
• • • • • • • • •
Implementing a broad set of initiatives for Computer Network Defense: Trust based Certification and Accrediation Situational Awareness Capabilities Host-Based Security System (HBSS) Defense Industrial Base (DIB) Support Supply Chain Risk Management (SCRM) strategy Insider Threat Mitigation
•
Continuous Monitoring
Secure Configuration Management • • •
Demilitarized Zones (DMZ)
Web Content Filtering E-Mail Security Gateway DNS Hardening
Network Scanners
Partnering in key areas with the IC, Combatant Commands, Services, DoD Agencies and Industry
13
Challenge of ‘Situational Awareness’
•
Information necessary for a Cyberspace Common Operational Picture (COP) supporting Situational Awareness (SA) and enabling C2 decision making comes from disparate Indications & Warnings (I&W) sources
–
Diverse set of capabilities making interoperability a challenge
–
Legacy point-to-point interfaces inhibiting information sharing
–
Synthesis of “Internet ” feeds (Data Mining) is essential to feed a COP and understand the environment
–
Need validated requirements for a customizable unified community resource for detection, analysis, or presentation
–
Need a cohesive ‘Data Strategy’ linked to net as part of network optimization
Must Overcome Obstacles to Information Access & Sharing
14
Situational Awareness Initiatives
•
Seeking to leverage technologies to create a net centric architecture which easily allows current and future, unintended, data sources to be combined and utilized for SA:
–
Continuous Monitoring (CM)
•
Secure Configuration Management (SCM)
•
Host Based Security System (HBSS)
–
Identity Management – PKI enablement
–
Situational Awareness - Global NetOps Information Sharing Environment (GNISE)
–
Internet Data Mining – In combination with CM
Allow for more balanced Risk Management
15
Developing Situational Awareness Capabilities
Strategic Mission Needs Tactical Operational Civilian Communities IC Coalition Shared SA Info Sharing DIB CS/IA Data User Interface DIBNet DC3 Data Sources Other Data Sources Integration Enterprise 2.0 for NetOps SA Information Portal Reports Dashboards Data Streams Data Visualization Service Mashup Data Analytics / Service Gadgets NetOps SA Data Enterprise Services (Auth, Messaging, Cross Domain) Web Services NetOps Apps Custom Data Sources SIM GNA, GEM, GCM, CIP Data Sources CDC DISA NetOps Data User Interface Integration CND UDOP cd JIMS Data Mining Transition JCD Web Services Custom Data Sources JCD Data
16
The Way Ahead
• • • • •
Pursue our goal of affording secure access to information for the warfighter from any device Our strategy is to consolidate and standardize elements of the networks to more effectively defend them and confront threats with agile information sharing Our focus is to embed the policies, procedures, oversight, and culture that enable information sharing into the Defense community and its mission partner Continue to leverage extensive and unprecedented capabilities afforded by the Information Age Continue to partner with industry to deliver National Security in Cyberspace
We are creating an information advantage.
17
How Can You Help?
• Ask hard questions • Leverage your best and brightest • Innovate • Help us find lasting solutions that scale • Be part of our success
Partnership
18
Agile and secure information capabilities to enhance combat power and decision making.
Robert J. Carey
DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DOD DEPUTY CHIEF INFORMATION OFFICER (703) 614-7323 [email protected]
19
Back Up Slides
Back Up
20
Defense Industrial Base Network (DIBNet)
•
A classified and unclassified collaboration and information sharing capability for DoD and Defense Industrial Base (DIB) partner use.
–
To protect sensitive DoD data residing in Defense contractor facilities.
–
To develop and deploy a secure infrastructure for DoD to exchange threat products and to collaborate with DIB partners in a timely fashion in defense of their network assets.
DIB CS/IA Data User Interface DIBNet DC3 Data Sources Other Data Sources DoD
DoD CIO runs the DIB Cyber Security/IA Program.
Defense Cyber Crime Center (DC3) provides the threat products and incident analysis capability.
2650 Cleared Defense Contractor companies are the targeted users of DIBNet capabilities.
21
Continuous Monitoring (CM)
•
Continuous monitoring is maintaining ongoing awareness to support organizational risk decisions.
•
CM unifies existing disparate capabilities of operational management and control to build out a robust and integrated solution for decision processes.
22
Host Based Security System (HBSS)
23
Secure Configuration Management (SCM)
Optimization Automation
•
SCM is the integration and optimization of enterprise IA applications, Services, Policy, and standards in to a multi-tiered architecture
•
SCM automates risk management processes that are manual today Innovation
•
SCM supports the delivery of Continuous Monitoring and Advanced Threat Analysis and Risk Scoring
Configuring assets securely in the first place Maintaining secure configuration Providing continuous situational awareness to the right people 24
Identity Management
• •
Goal: All applications and systems use a single trusted database of all DoD employees Approach:
–
Utilize the DMDC and Database
– –
PKI authentication Develop policies and processes
– –
Cyber security credentialing Enterprise Email
25
DoD CIO Approach
•
Customer Focus -
“The warfighter expects access…”
•
Centralized Guidance -
Responsible for “standardization”
• Collaboration Emphasis - Partnerships and stakeholders • Consolidated Effort - Enterprise solutions • Capability Investment - The right talent and expertise 26
Purpose (TEMP Slide)
While USCYBERCOM must be focused on the now/near-term and strategic , DoD CIO must work to ensure that optimal policies, guidance and oversight is in place to design, acquire and operate Networks that map themselves, continuously sense and report all normal and abnormal activity levels, and provide a global Common Operational Picture of key data sets that can truly provide current Situational Awareness and Indications and Warning of future threat vectors.
Focus Questions:
•
What enterprise wide initiatives are you working to provide real-time and near term insights into threats to the DOD Cyber Domain?
•
In what key areas are you partnering with USCYBERCOM to ensure that unclassified Cyber Intelligence is collected, analyzed and appropriately disseminated across DOD and the DIB?
•
How does DOD CIO define Cyber Intelligence?
27
OSD/CIO Mission
Bring the power of information to the achievement of mission success in all operations of the Department; war fighting, business, and intelligence.
Lead the Department in achieving a persistent and dominant information advantage for ourselves and our mission partners.
Lead the Department in changing those policies, processes, and culture necessary to provide the speed, accuracy, and agility to ensure mission success in a rapidly changing and uncertain world.
Ensure a robust and secure information environment.
Provide modern command and control capabilities through persistent collaboration at all levels and among all mission partners.
Acquire new information capabilities rapidly (9-12 months) and at low cost by delivering them as enterprise services.
28
CIO Major Areas of Activity
•
Policy Development
success. – The establishment of the direction and expectations to ensure a Defense Information Enterprise capable of accessing information, sharing it, and collaborate to achieve mission •
Program Oversight
– The leadership and expertise that provides the recommendations for effective IT investment, avoid duplicative efforts, prevent capability gaps, and ensure the tenants of net centricity are adhered to. •
Acquisition Support
capabilities. – The guidance and oversight needed to ensure IT programs adhere to acquisition directives, meet information sharing expectations, and quickly progress to fielded 29
Refashioned DoD CIO
•
Customer Focus
– “The warfighter expects access…” •
Centralized Guidance
– CIO responsible for “standardization” (policy, architecture, standards, governance) •
Collaboration Emphasis
Industry, Academia) – Renewed emphasis on partnerships and stakeholders (MILDEPS, DISA, USCC, AT&L, DCMO, USD(P), •
Enterprise Effort
– Enterprise approaches; improved security •
Competence Priority
– Get the right talent; leverage DISA technical expertise 30
Enterprise Wide Initiatives
Enterprise Services – Secure access to the data
Data Strategy – Tag and share the data
Information Transport – Securely move the data
Information Assurance – Keep it dependable
Net Ops – See and manage the networks & data
Partnering in key areas with Combatant Commands, Services, DoD Agencies and the commercial sector
31
Link to Mission
•
Success is dependent upon our ability to connect people with information anytime, anywhere
•
The DoD CIO is responsible for ensuring the delivery of critical enabling capabilities that:
–
Allow information to be accessed and shared
–
Ensure partners can collaborate
–
Support decision makers at all levels to make better decisions faster and to take action sooner
Information must be given the same priority and protection as any mission critical system or platform.
32