AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... ·...
Transcript of AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... ·...
![Page 1: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/1.jpg)
1
AFCEA Hawaii Chapter
14 APR 2015
James H. Mills, CAPT, USN
Discla imer: The views presented here are those of the speaker and do not necessarily represent the views of the DoD or DoN.
This briefing is unclassified.
![Page 2: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/2.jpg)
Command Mission Snapshot
Context of the naval environment
The maritime strategy big picture
Maritime challenges
Trends and Game Changers
Strategic relevance of cyberspace
Cyberspace imperatives
Cyberspace as a domain of warfare
Trends and implications
Enterprise priorities
Way Forward
2
Voyage plan for this presentation…
![Page 3: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/3.jpg)
“Eyes and ears” of the Pacific Fleet Support Fleet and National
Information Warfare and cryptologic missions Training, Direct Support,
Electronics Support, Planning Signals Intelligence, I&W, Signals
Analysis Information Operations Cyberspace operations
3
NIOC HI Mission Snapshot
NIOC Hawaii - Excellence in Action
Man, train, and equip Pacific elements of the Cyber Mission Force
Support SIGINT, IO, and cyberspace missions PACFLT, C7F, C3F COMFLTCYBERCOM, C10F,
JFHQ-Cyber COMNAVIDFOR – TYCOM
![Page 4: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/4.jpg)
Continued evolution since 2009
2014 NAVIDFOR, JFHQ-Cyber role
Enterprise focus
Operate the Network as a WarfightingPlatform
Conduct tailored Signals Intelligence
Deliver warfighting effects through cyberspace
Create shared Cyber situational awareness
Establish and mature Navy’s Cyber Mission Force
4
FCC/C10F Strategic Vantage
AFCEA West 2015: VADM Tighe,Answering the Evolving Threat on YouTube
![Page 5: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/5.jpg)
Globalization
Migration
Natural resources competition
Arctic opening
Piracy
Smuggling
Regional competitors
HADR impact
5
Trends in the Maritime
The Maritime commons is the lifeblood of the global economic system.
![Page 6: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/6.jpg)
Trends
Rise in volume of digitized data
Dynamic threat
Weak control of intellectual property
Lower “system” confidence (assurance, trust, resilience)
Insufficient cadre of expertise
Cyber Domain Challenges
Social & economic cyber dependency
Finding right mix of kinetic & cyber
Fiscal constraints
Organizational churn
Technology change outpaces acquisition
Seams emerging at the tactical edge
Rise of peer competitors
Environmental Challenges
Revitalize investment in cadre of expertise
Cultivate acquisition agility
Attain unity of effort
Ensure “Assured C2”
Build in “trust” and “resilience”
Indicators Imply…
Disruptive Technologies• Cloud Computing
• Virtualization
• Autonomous Vehicles
• Augmented Reality
• Data center advances
• Plastic Electronics
• Social Computing
• Mobility & Pervasive Sensing
• Machine Learning
![Page 7: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/7.jpg)
• Hull innovation
• New warship class
7
“Game Changers”
Steam Propulsion
Torpedo Ironclads
Dreadnoughts
Coal
Carrier aviation
Over the Horizon
Submarine warfare
Amphibious warfare
Nuclear power
Precision Guided Munitions
Network Centric Warfare
Autonomous systems
?
![Page 8: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/8.jpg)
8
Cyberspace: Military Imperative
“Enemies in the future, however, need not destroy our aircraft, ships, or tanks to reduce our conventional and even nuclear effectiveness. A well-timed and executed cyber attack may prove just as severe and destructive as a conventional attack.”
General James N. Mattis (USMC), Commander, United States Joint Forces Command
National Military Strategy for Cyberspace Operations (2006) (declassified 2008)
DoD’s role:
Defense of the Nation
National incident response
Critical infrastructure protection
Strategic priorities:
Gain and maintain the initiative to operate within adversary decision cycles.
Integrate capabilities across full range of military operations using cyberspace.
Build capacity for cyberspace operations
Manage risk to cyberspace operations
![Page 9: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/9.jpg)
9
Cyber Warfare: An armed conflict conducted in whole or part by cyber means. Military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.
(From Joint Terminology for Cyberspace Operations)
Cyber War Defined (2010)
![Page 10: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/10.jpg)
10
“Cyber” as a Domain of Warfare
Another means of national power and influence
Use of Spectrum
Info Operations
Networks & NetOps
Command & Decision
Critical Infrastructure
Cyber Intelligence
Assurance & Trust
![Page 11: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/11.jpg)
Supporting Most recent operations have had IW/IO/”Cyber” as a
supporting element
Disrupt/degrade: C2, IADS; MILDEC; CNE
IW/IO/”Cyber” continues in supporting role in military planning and execution
CNA/CNE largely at strategic level control
Tactics and organization mature
Supported Shift beginning where operation may be solely Cyber or a
supported Cyber operation
Value of non-kinetic greater as Cyber capabilities mature
Shift to allow more Cyber ops at operational and tactical levels of war
Tactics and organization still maturing
11
Supporting Supported
![Page 12: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/12.jpg)
Modern combat systems, weapons and platforms are increasingly software intensive (F-22, JSF…)
Use of Cyberphysical(embedded network) systems growing in DoD
SCADA, machinery control, critical navigation, damage control
Supply chain increasingly from untrusted entities
Primary C2 systems rely on information networks
Data breaches degrade operations
12
Why should you care?
Case targets
microchips sold to
Navy
(Sep. 15, 2010)
2008 Buckshot Yankee (USB)
F-22 Squadron Shot Down by the
International Date Line (2007)
2010
Pentagon ‘Aware’ of China
Internet Rerouting (Nov. 2010)
Computer Spies Breach
Fighter-Jet Project
(April 21, 2009)
US Says Iran Hacked Navy
Computers (Sept. 27, 2013)
US Sanctions North Korea Over
Sony Hack (Jan. 2, 2015)TIME
![Page 13: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/13.jpg)
Nature of Cyber Warfare We operate, attack and defend on the
same platform as the adversaries
Threat characterization and attribution are challenging
Offense and defense have similar features
Industry drives cyberspace technology
Public, high profile adversary successes will breed additional actors Inexpensive, anonymous and effective
Cyber operations require a force that lives “on-the-network”
Global Cyber Common Operational Picture
Predictive cyber threat/response capability
Integrated NetOps, Attack, Defense, Exploit operations
13State, Non-State Actors and Individuals All Operate Within Cyberspace
McAfee, November 2010
BBC, Visualising the Internet, January 2010
FLTCYBERCOM
Perspective
From RDML Leigher brief, 18NOV10, graphics updated.
![Page 14: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/14.jpg)
14
Attack trends
![Page 15: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/15.jpg)
Platform for Propaganda Hacktivism Arab / Israeli conflicts Terrorist recruitment
Political consequence US/China Hacker Wars Iran, Tunisia, Egypt social media North Korea
Disruption Estonia Stuxnet Aramco
Exploitation Operation Aurora Internet Hijacking
Decisive Effects (combined) Georgia, Ukraine 15
Political Aims in Cyber “War”
Rise in volume of digitized data
Dynamic threat
Weak control of intellectual property
Lower “system” confidence (assurance, trust, resilience)
Insufficient cadre of expertise
Cyber Domain Challenges
![Page 16: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/16.jpg)
Example: Chinese Activity
16
Chinese embassy accidental bombing
EP-3E forced landing“Sino-US ‘Hacker War’”
Exploitation campaign
DoD program dataexfiltration
US Naval War College
Source: US-China Economic and Security Review Commission Report (2010)
![Page 17: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/17.jpg)
Chinese Strategy PLA actively developing Computer Network Ops capabilities,
strategy and training
Open press reports of 60,000 in Cyber War corps
Achieve information dominance
Seize control of information flow and establish information dominance
Integrate network and electronic warfare
Coordinated network and EW effects
Focus on C2 and logistics
Non-kinetic first (degrade info systems) then force-on-force
Degrade civilian cyber infrastructure that supports military ops
Deny or degrade C2 (DDoS, false data, EW)
View of CNO as a strategic deterrent comparable to nuclear weapons
17Source: US-China Economic and Security Review Commission Report (2010)
“A victorious army first wins and then seeks battle. A defeated army first battles and then seeks victory.”
Sun Tzu, The Art of War
![Page 18: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/18.jpg)
18
Defense: Layered, Adapt to Risk, Active
Traditional model of defense in depth (Liu/Ormaner)
Cyber Situational Awareness
Information Assurance &
SystemsEngineering
DefensiveManeuver
Force
Reducing Attack Surface(Patching, SW
currency, firewall
policies, etc)
Cyber Key Terrain
Protection & Assured C2
Community Info Sharing
Expert Workforc
e
![Page 19: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/19.jpg)
Something to think about…AirSea Battle & A2/AD
Cyber dimension
19Source: Why AirSea Battle? Krepinevich, 2010.
![Page 20: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/20.jpg)
20
How to Help Support local and enterprise STEM efforts
People are our competitive advantage
“Bake in security” vice “bolt on”
Invest in systems engineering expertise in design and acquisition
Develop a trusted supply chain and take a systems-wide resilience approach
Participate in cybersecurity sharing venues
Develop and deliver enhanced cyber situational awareness tools
Tune operations to cyber “attack” risk
Key terrain analysis
Continuity of Operations
Vital information protection
![Page 21: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/21.jpg)
Questions?21
![Page 22: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/22.jpg)
Information’s Global Commons
22
What is cyberspace?
(From TRADOC Cyberspace Operations Concept Capability Plan, 2010)
DoD defined, May 2008
![Page 23: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/23.jpg)
Motivations:
Sponsored warfare (Assure, Dissuade, Deter, Defeat)
Terrorism (Propaganda, Influence)
Commercial interest ($, IP)
Criminal activity ($, corruption)
Hacking ($, challenge) 23
Network Attacks: Method & Adversaries
National Infrastructure attack surface and methods. (Amoroso)
Adversaries and exploitation points. (Amoroso)
Factors leading to breaches.(Liu, Cheng)
![Page 24: AFCEA Hawaii Chapter 14 APR 2015afcea-hawaii.org/wp-content/uploads/2015/04/AFCEA-HI... · 2015-04-16 · 1 AFCEA Hawaii Chapter 14 APR 2015 James H. Mills, CAPT, USN Disclaimer:](https://reader034.fdocuments.net/reader034/viewer/2022042413/5f2d5f08474b3b400c38e7f0/html5/thumbnails/24.jpg)
24
Terms of Reference• Computer Network Attack: A category of fires employed for offensive purposes in which actions are
taken through the use of computer networks to disrupt, deny, degrade, manipulate, or destroy information resident in the target information system or computer networks, or the systems / networks themselves.
• Computer Network Exploitation: Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data about target or adversary automated information systems or networks.
• Counter-Cyber: A mission that integrates offensive and defensive operations to attain and maintain a desired degree of cyberspace superiority.
• Cyber Attack: A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions.
• Cyber Defense: The integrated application of DoD or US Government cyberspace capabilities and processes to synchronize in real-time the ability to detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to defend designated networks, protect critical missions, and enable US freedom of action.
• Cyberspace Operations: The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace.
• Cyberspace Superiority: The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.
• Cyber warfare: An armed conflict conducted in whole or part by cyber means.
• Network Operations (NetOps): Activities conducted to operate and defend the DoD’s Global Information Grid.
See “Joint Terminology for Cyberspace Operations” for complete and additional definitions.