The Fifth Column Forum
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author: Subject: In cyber, the US can’t ‘enforce standards that don’t exist’

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 10-12-2019 at 07:21 PM
In cyber, the US can’t ‘enforce standards that don’t exist’

By: Jill Aitoro   2 days ago

Adm. Michael Gilday arrives for his July 31 confirmation hearing before the Senate Armed Services Committee. (Andrew Harnik/AP)

SIMI VALLEY, Calif. — The lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as needed to protect data and systems, the chief of naval operations said during a service chiefs panel at the Reagan National Defense Forum.

All four chiefs on Saturday pledged support to Gen. Paul Nakasone, commander of U.S. Cyber Command. But they also acknowledged the challenge that comes with the lack of international doctrine.

“We have international norms in the maritime; we don’t have those in cyber,” said CNO Adm. Michael Gilday, who led the Navy’s component to U.S. Cyber Command, 10th Fleet/Fleet Cyber Command, from July 2016 to June 2018. “It makes it difficult to enforce standard that don’t exist, and to therefore hold nations accountable for nefarious behavior. It’s a challenge."

“Those types of agreements take time,” he added.

"Unfortunately, they sometimes follow a catastrophic event.”

NATO confirmed in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure. But while that decision did help inspire the alliance to develop rules of engagement should such an event occur, it did not establish global standards for behavior in cyberspace.

Nonetheless, progress is being made, said Gen. David Berger, commandant of the U.S. Marine Corps.

“We know it’s a collective issue. Documents are one things, but discussions are happening that didn’t happen years ago, and that’s healthy,” he said.

To enhance cybersecurity within the Department of Defense, Gen. David Goldfein, chief of the U.S. Air Force, advocated for greater authority to be given to the head of U.S. Cyber Command for enforcing cyber standards across the services.

“One of the things we’ve got to [provide] Nakasone is increased decision authority," Goldfein said. "How do you operate at the speed of relevance if decisions are held to the highest level?”
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 10-12-2019 at 08:24 PM

ALGORITHMIC WARFARE: Annual Exercise Flexes Cyber Warfare Muscles


By Yasmin Tadjdeh

Illustration: Getty

The Army — working alongside Japan’s Ground Self-Defense Force — demonstrated its cyber warfare capabilities during a bilateral exercise known as Cyber Blitz-Orient Shield 2019.

The event — which took place in September — married the Army’s annual Cyber Blitz experiment with Orient Shield, a yearly bilateral exercise hosted by U.S. Army Pacific and Japan. It took place simultaneously at Joint Base McGuire-Dix-Lakehurst, New Jersey, and at various locations across Japan.

“It was a great training opportunity for us to be able to operate in the [multi-domain operations] environment, to be able to work with a reliable partner that has the capacity and the will to be able to do this,” said Maj. Gen. Viet Luong, commanding general of U.S. Army Japan. “I think the beauty of that is to be able to do it in the [great power] competition zone.”

Orient Shield has been going on for more than 30 years, he said during a media roundtable at the Association of the United States Army’s annual conference in Washington, D.C.

Historically, it has primarily focused on the tactical level where mission command is at the brigade level and maneuvers were conducted at the platoon and company levels to include a field training exercise and a series of live-fire activities.

This year’s iteration — which featured more than 3,000 soldiers — was conducted at the operational level, he said.

Richard Wittstruck, associate director for field-based experimentation and integration at Army Combat Capabilities Development Command’s C5ISR Center, said the Army integrated its new intelligence, information, cyber, electronic warfare and space unit, also known as I2CEWS, into the effort.

I2CEWS was activated earlier this year.

“We distributed them several places [in the continental United States] so that they could do live, virtual, constructive training with real equipment and real threats presented to them, and then synchronized their products and activities with the multi-domain task forces part of Orient Shield,” he said.

During the exercise, a scenario would be developed by Orient Shield planners and Cyber Blitz personnel would then be able integrate into those and tie into both live and virtual operations, Wittstruck said.

Japan’s Ground Self-Defense Force was not limited to remaining in its own country for the duration of the exercise, he noted. The nation deployed an attachment of soldiers to Cyber Blitz’s base in New Jersey to integrate with I2CEWS defensive cyber operators.
The scenarios took into account the current strategic environment in the Asia-Pacific region.

“What we look at are characteristics or trends that we see evolving in” the region and among peer competitors, he said.

“We don’t sit there and say, ‘It’s this one or that one,’ but it’s more like what are the capabilities that the force of the future is going to have to engage in? How do we best represent that to characterize to operators a realistic environment?”

Cyber Blitz-Orient Shield was considered effective from both a mission perspective and cost effectiveness perspective, Wittstruck said.

“It not only gave our soldiers an efficient means by which to train and to interact with higher headquarters, but it also was efficient to the taxpayer,” he said. “We’re trying to find integrated ways to marry experimentation with exercise, not just for the soldiers, but also for the taxpayer. We don’t need to be doing silos of excellence and experiment and then handing a report for someone to then pick up and try to ingest.”

Cyber Blitz began in 2016 to test doctrine as it related to cyber and electromagnetic activities, or CEMA, Wittstruck said.

“The intent was there to start figuring out at the [brigade combat team] level, how would a CEMA section integrate into BCT operations and dominate and maneuver in kinetic operations with their nonlethal and non-kinetic capabilities,” he said. “Since then, it has evolved, adding on a little more with each successive year.”

Cyber Blitz focuses on synchronizing science and technology for multi-domain operations and operationalizing innovative technology development. It also looks at identifying technical capabilities and integrating prototypes for future training and doctrine operational validation as well as experimenting with force design updates and operational products such as doctrine, concept of operations and tactics, techniques and procedures, according to the Army.

By conducting Cyber Blitz-Orient Shield, the service was able to focus and refine its concepts for persistent competition with adversaries, Wittstruck noted.

“We are in persistent competition right now in operations,” he said. “My shot is not fired, no kinetic activity is ongoing, but we are shaping the battlespace as we speak on all sides. Our enemies are doing that.”

Maj. Gen. Neil Hersey, commanding general of the Army’s Cyber Center of Excellence, said the experiment gave the service the opportunity to try new techniques, even if they were not successful or didn’t go according to plan.

“This is really about failing early, failing cheaply, failing often and improving along the way as we do it,” he said.

Cyber Blitz-Orient Shield brought together Army Training and Doctrine Command, Futures Command, U.S. Army Japan and a partner nation to execute a tier-one level exercise with a new formation and gave soldiers kit they could experiment with, he added.

“We’ve learned a tremendous amount,” Hersey said. It “really validates in my mind this approach that the Army is moving to with demonstration, experimentation and prototyping and using the DevOps model, which brings together our operators, … our materiel developers, our operational force and our training and doctrine writers … [to] accelerate learning toward building these formations that we know we need to get up for multi-domain operations.”
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 11-12-2019 at 01:05 PM

Here are the Pentagon CIO office’s new cybersecurity roles

By: Andrew Eversden   9 hours ago

The DoD CIO's office gained additional cybersecurity responsibilities as part of the new National Defense Authorization Act. (gorodenkoff/Getty Images)

The new National Defense Authorization Act revamped the cybersecurity responsibilities of the Department of Defense’s chief information officer, upping its responsibility for intrusion prevention and data sharing.

The wide-ranging NDAA, released late Dec. 9 after weeks of negotiations between lawmakers in the House and Senate, charged the DoD CIO, currently Dana Deasy, in managing and modernizing the enterprise cybersecurity of the Pentagon.

Under the NDAA, expected to be passed and signed into law, the DoD CIO officer must ensure that the department “maximizes” cybersecurity capability and ensure that department components across the Pentagon share data on endpoint activities.

Congress also tasked the CIO with ensuring that the department “supports improved” automation of cyberattack detection and response. The NDAA directs the CIO to enhance the DoD cyber posture to be prepared to fend off “common” adversary tactics, and intrusion techniques.

After the bill is signed into law by President Donald Trump, the DoD CIO must also mandate and establish a pathway toward increased data sharing across the department on cybersecurity capability, network and endpoint activity. Related to that activity, the CIO must also make mission data accessible to other DoD components.

Currently, DoD data sits in silos across the enterprise, making it difficult or near-impossible for other DoD components to receive. The Pentagon awarded a general purpose cloud contract to Microsoft as part of its broader cloud strategy to try to knock down those silos. That cloud is known as the Joint Enterprise Defense Infrastructure, or JEDI, and the Pentagon plans to move 80 percent of DoD applications there once it is established; the contract is currently tied up in both the U.S. Court of Federal Claims and the U.S. Court of Appeals, though a judge hasn’t halted any work from proceeding.

The NDAA also increases the CIO’s tasks related to the the DoD’s computing, making the officeholder in charged of refreshes, installations and acquisition of bandwidth. Additionally, it requires that DoD CIO utilize cybersecurity tools created by the Defense Advanced Research Projects Agency, Defense Innovation Unit and other DoD innovative hubs.

In another effort to increase cybersecurity at the Pentagon, the CIO must engage the NSA in cybersecurity testing and engineering, and use the Defense Digital Service as workforce, engineering and policy experts.

In his October confirmation hearing, Deasy said that the NSA would perform penetration on the JEDI cloud in order to guarantee its cybersecurity.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 11-12-2019 at 04:19 PM

Congress wants more answers on cyber operations and tools

By: Mark Pomerleau   5 hours ago

Congress is demanding several new reports and oversight mechanisms over DoD cyber operations and readiness of the cyber force. (J.M. Eddins Jr./Air Force)

A big theme in this year’s annual defense policy bill has been increased oversight for cyber policy, operations and forces.

The National Defense Authorization Act, which was finalized late Dec. 9 by congressional defense committees, has over 30 cyber-related provisions. Here are seven oversight items included in the bill:

Modification of acquisition authority

In 2016, Congress granted U.S. Cyber Command limited acquisition authority — capping acquisition funds at $75 million per year, sunsetting in 2021.

This year’s bill amends the authority to say that the command cannot obligate or expend more than $75 million on new contract efforts.

Readiness of the cyber mission force

The bill requires the secretary of defense to create metrics for the assessment of the readiness of the cyber mission force and brief Congress on such metrics.

Following the May 2018 full operational capability of the cyber mission force, Cyber Command said it was shifting its focus from building the force to readiness. The command has articulated its own metrics that it is putting into practice to measure readiness.
The Government Accountability Office in a March report took aim at DoD and Cyber Command for building the force too quickly, which led to readiness issues.

More requirements for separating the National Security Agency and Cyber Command

The bill adds elements to previous legislation that DoD must certify before it can sever the so-called dual-hat relationship between the NSA and Cyber Command, which also share a leader.

The changes include a requirement that each organization have robust command-and-control systems for planning, deconflicting and executing military cyber operations and now national intelligence operations as well, a requirement that tools for cyber operations are sufficient for achieving required effects and a Cyber Command can acquire or develop them and that the cyber mission force “has demonstrated the capacity to execute the cyber missions of the Department.”

In a change from the Senate panel’s version of the bill, for which there was no analogous portion in the House-passed version, the final bill also requires DoD to provide the defense committees with a briefing on the current and future partnership between the NSA and Cyber Command.

These briefings should include information on common infrastructure and acquisition, operational priorities, research and development partnerships and projected long term efforts.

Authorities for cyber operations and policies governing them

After the Trump administration modified the rules for approving cyber operations from the previous administration, there has been a protracted fight between the executive and legislative branches to see the underlying documentation governing the change.

The bill requires no later than 30 days after its enactment and upon request from committees, the president must allow them to read a copy of all so-called National Security Presidential Memorandums relating DoD operations in cyberspace.

Another provision in the bill requires congressional committees be notified in writing when authorities articulated in these policy documents are delegated from the president to the secretary of defense for military operations in cyberspace no later than 15 days after the delegation.

Report on cyber operations

The secretary of defense must deliver a report to Congress no later than March 1 of each year summarizing all named military cyber operations that were conducted in the previous calendar year.

This report must be organized by adversarial country and should include a raft of specifics to include, among others, the objective and purpose, impacted countries or entities, methodologies used for the cyber effects, specific cyber mission force teams involved, infrastructure used and costs.

Study of cyber capabilities

Congress wants the Defense Science Board to study future cyber war-fighting capabilities of DoD.

Within the past year, Cyber Command created the Joint Cyber Warfighting Architecture, which guides cyber capability and development in five broad areas.

The Defense Science Board study should provide a technical evaluation of the architecture, especially key acquisition program priorities such as Unified Platform, Joint Cyber Command and Control and the Persistent Cyber Training Environment.

The provision in the bill also directs the study to include information on capability requirements, speed of development, coherence of the architecture, technical evaluation of tool development, evaluation of operational planning and targeting of Cyber Command and recommendations.

Study of cyber command elements

The bill directs the Pentagon’s principal cyber adviser to examine the best way to organize and staff four military cyber agencies.
The study would look at what it means it would mean if the personnel in these agencies were moved from services to joint organizations. It would also consider what would happen if those billets were moved to Cyber Command.

The first of the organizations would be the Joint Force Headquarters-Cyber (JFHQ-C). The four JFHQ-Cs deploy offensive cyber teams within the combatant commands. They provide planning, targeting, intelligence and cyber capabilities to the combatant commands they’re assigned and are led by the heads of the four service cyber components.

The second is the Joint Mission Operations Centers.

The third group is what’s known as cyber operations-integrated planning elements. These are small teams currently being created by each service cyber component that will serve as a forward element of the JFHQ-C locally at the combatant command staff to help coordinate cyber effects for battle plans.

The fourth are the Joint Cyber Centers at each combatant command.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 12-12-2019 at 09:36 AM

Cybersecurity Requirements Likely for Defense Contracts by June 2020

(Source: US Department of Defense; issued Dec. 10, 2019)

Ellen Lord, the Defense Department’s undersecretary for acquisition and sustainment, spoke at a news conference at the Pentagon, December 10, 2019. (DoD photo)

The Defense Department expects that by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts.

Ellen Lord, the undersecretary of defense for acquisition and sustainment, said the new cybersecurity maturity model certification program is a critical part of ensuring that companies hoping to do business with the department meet important cybersecurity requirements.

"The cybersecurity maturity model certification, or CMMC program, establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DOD supply chain," Lord said.

She said the program will establish five levels of certification tailored to the criticality of a system or subsystem that a contractor might hope to do work on. The CMMC framework was developed by working with the defense industry, leadership on Capitol Hill and engagement with the public.

"These levels will measure technical capabilities and process maturity," Lord said. "The CMMC framework will be made fully available in January 2020."

The program's concept is designed to ensure that any business doing work for the government can demonstrate that their computer networks and cybersecurity practices are up to the task of defending against intrusions by adversaries who want access to information about government contracts and weapons systems development.

"Cybersecurity is a threat for the DOD and for all of government, as well as critical U.S. business sectors, such as banking and healthcare," Lord said. "We know the adversary is at cyberwar with us every day. So, this is a U.S. economic security issue, as well as a U.S. security issue. When we look at cybersecurity standards, I believe it is absolutely critical to be crystal clear as to what expectations [and] measurements are, what the metrics are and how we will basically audit against those."

The government itself won't audit potential contractors for compliance with the program's standards. Instead, a third party will perform those audits. Lord said DOD is working with multiple companies that are interested in performing that work, and she said she expects a decision by January.

Lord said DOD expects some challenges for small businesses to meet the program's requirements. DOD is aware of industry's concerns, and efforts are being made to alleviate some of those concerns, she said.

"We know that this can be a burden to small companies, particularly, and small companies is where the preponderance of our innovation comes from," Lord said. "So, we have been working with the primes, with the industry associations, with the mid-tiers, with the small companies on how we can most effectively roll this out so it doesn't cause an enormous cost penalty for the industrial base."

View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 24-12-2019 at 05:44 PM

Navy to Develop Virtual Cyber Training Network


By Connie Lee

Image: iStock

The Navy has tapped technology startup company Resolvn to develop new virtual cyber training networks.

“We are tasked to build out 14 networks in virtual space,” Sean Donnelly, CEO of Resolvn said in an interview. “When we say virtual space, we mean we are creating environments that are basically networks that look just like the networks that we see in everyday commercial enterprise and government.”

The company, which works to deliver real-world training environments, was incorporated in May 2018.

The environments will live as virtual technology on servers and will mirror existing networks to allow managers to deploy specific training scenarios on any network.

Some networks include a virtualized power plant, multiple internet service providers, a Defense Department facility and municipal buildings, according to the company.

The objective of the training environment is to reduce the time required to train sailors and give them realistic tools to learn offensive and defensive cyber tactics.

The technology will be rolled out in five phases, Donnelly said.

“Each phase will provide multiple high-fidelity networks to the end customer environments in which their offensive and defensive cyber operators can practice their jobs,” he said.

Though the company has already built similar networks, the naval system is still in the design phase.

“That is the architecting of the networks, identifying ... what types of virtualized machines are going to be running this network, how they’re going to talk to each other and how they’re going to be connected,” Donnelly said. “That’s really what encompasses the design phase.”

The creation of the first operational network — a power plant — is phase one of the development and set to launch shortly, he said.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 11-1-2020 at 05:10 PM

Pentagon gets ‘big win’ on cyber forces

Mark Pomerleau

10 hours ago

The Department of Defense has officially defined certain work roles and metrics for its cyber teams. (Bill Roche/U.S. Army Cyber Command)

From 2013 to mid-2018, U.S. Cyber Command built its cyber mission force — the 133-team, roughly 6,200-person cadre of personnel that conduct cyber operations. Following the build out of those teams, Cyber Command asserted that the focus would shift to readiness, or maintaining the teams and ensuring they remained fully capable of performing missions.

Now the Department of Defense has taken a critical step with its cyber teams by establishing metrics that define work roles and readiness, a top official said Jan. 9.

“We now have a signed document from the secretary that defines what a cyber operating force is,” Maj. Gen. Dennis Crall, deputy principal cyber adviser and senior military adviser for cyber policy, said at an AFCEA hosted lunch.

And these metrics are “big wins,” Crall said.

Crall said that — unlike in the air, ground and maritime space — processes for defining and understanding readiness and concrete work roles, especially for defensive cyber teams known as cyber protection teams, did not exist prior. Cyber, despite being around for over 20 years, is still a relatively new discipline within the military for which the force, capabilities, processes and authorities are still evolving.

“We have for the first time defined what a cyber protection team is. We know what the work roles are. We know exactly what those teams’ mission are … [and] how to evaluate them,” he said.

Cyber Command is decoding how to best (re)organize teams
The command is applying lessons learned to be more effective and sustain readiness.

Doctrine for defensive cyber has been constantly evolving since DoD formalized cyber operations, though officials note the department has continued to struggle with what defensive cyber should look like. Why defensive cyber lags behind offensive in many cases is due mainly to the fact they had to create the defensive framework from scratch, unlike with cyber offense, where there was a template from years of National Security Agency operations.

Additionally, through lessons learned in operations, cyber protection teams operate differently now than they did years ago. Cyber Command is still working to figure out the standards the services must teach to, meaning schoolhouses teach the old model because that is the official doctrine and students are learning one way to conduct operations before learning a different method once they get to their unit.

Crall told Fifth Domain following his remarks how the document signed begins to address how these teams should look.

“Exactly what these individuals do, how we report readiness, at what level and what those readiness metrics look like by team build,” he said. “There’s a level of execution and then reconstitution where teams will go after a certain level of execution, they’ll go back to a building phase … Looking at standardized ways and what’s the basic element of a team. What does that look like and what readiness levels would you expect.”
Reconstitution is the action of getting teams back to full readiness levels following deployments and operations.

Officials have explained in the past that cyber protection teams, which are 39 person teams, don’t all have to deploy at once. This allows them to not only be more efficient in splitting up resources, but it allows parts of the team to reconstitute and conduct training while the other portion is engaged in operations, thus creating a more ready force. This is similar to how other military forces operate, such as fighter squadrons.

Crall added that now the team definitions for cyber protection teams are done, the next piece is capacity.

“We know that we can provide a repeatable deployment of these individuals and their associated equipment set, how many of them do you need,” Crall said.

Crall also said that while the tools and equipment used by cyber protection teams were also agreed upon, there is still some flexibility for the teams to use certain equipment based on certain conditions.

Congress in its most recent annual defense policy bill directed the Pentagon to brief members on the abilities of the force to conduct cyber operations based on capability, capacity of personnel, equipment, training and equipment condition.
Next in line for similar definition are the offensive and support teams within the cyber mission force.

About Mark Pomerleau
Mark Pomerleau is a reporter for C4ISRNET and Fifth Domain.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 18-1-2020 at 05:35 PM

Estonia, US launch effort to ease sharing of cyberthreat intel

10 hours ago

Despite its small size, Estonia has been on the forefront of cyber defense after a massive 2007 cyberattack that analysts believe originated in neighboring Russia. (BIG_TAU/Getty Images)

COLOGNE, Germany — Estonian and U.S. specialists are setting up a new project aimed at easing the transfer of cyberthreat information between the two nations.

The five-year effort will attempt to find ways around a conundrum that often prevents even close allies from telling each other about threats in the virtual domain: Doing so exposes one’s own vulnerabilities.

“No nation wants to do this,” said Kusti Salm, the director general of the Estonian Centre for Defence Investment. And while cybersecurity technology as a whole continues to evolve quickly, enabling intelligence sharing without simultaneously creating security risks is relatively unstudied, he said.

"There hasn't been too much progress in this field. It's pretty ambitious stuff," Salm told Defense News.

The Estonian Centre for Defence Investment oversees acquisitions and research for the small Baltic country’s military. Salm said his organization controls about 60 percent of Estonia’s annual defense budget, which currently sits around $660 million.

Despite its small size, Estonia has been on the forefront of cyber defense after a massive 2007 cyberattack that analysts believe originated in neighboring Russia. The Kremlin has denied any involvement, but Western officials were spooked enough by the events that NATO created its Cyber Defence Center of Excellence in Estonia’s capital Tallinn.

The new collaboration with the United States aims to build automation into the intelligence sharing process, meaning a lot of data gleaned from sensors could be exchanged continuously, according to Salm.

“The cyberthreat is ever-growing, and it doesn’t accept any national borders,” he said.

Initial insights from the effort are expected within three years. Estonian officials have said that other countries could join the project at some point, including nations from the European Union.

Estonian company Cybernetica, a key player in hardening the country’s public sector infrastructure against hacking, is the main contractor for the project. “This is the first-ever joint capability developed in the cyber domain between the two countries,” CEO Oliver Väärtnõu was quoted as saying in a statement.

Officials are more tight-lipped about what role the United States will play.

“I can confirm there is a cooperation agreement, joint financing model and workshare allocation packages between the U.S. and Estonia,” Salm said.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 24-1-2020 at 07:47 PM

What new documents say about US-partner cyber operations

Mark Pomerleau

12 hours ago

New documents made available through Freedom of Information Act shed light on anti-ISIS cyber operations in which Cyber Command thought about passing aim points to foreign partners. (U.S. Cyber Command Public Affairs)

Cyber operations were given their first big real-world test in November 2016, during the Department of Defense’s largest cyber operation to date. Now newly released documents reveal that U.S. Cyber Command proposed passing some targets to coalition partners — information typically held closely.

The documents, released as part of a Freedom of Information Act request from the National Security Archive at George Washington University, are a series of internal briefings and lessons from Operation Glowing Symphony. The operation was part of the larger counter-ISIS operations — Joint Task Force-Ares — but specifically targeted ISIS’s media and online operations, taking out infrastructure and preventing ISIS members from communicating and posting propaganda.

“As a [course of action] for dynamically deconflicting and engaging aim points of opportunity, the [cyber mission force] proposed passing aim point information to allied partners to take for action,” an after-action observation of Operation Glowing Symphony prepared by Cyber Command’s operations directorate stated.

Typically, cyber capabilities and targets are some of the most closely guarded secrets given the types of resources needed to gain access to targets’ networks. However, officials have indicated in the past that, sometimes, effects were easier achieved if given to coalition partners because they might not have as restrictive domestic authorities for using such capabilities. Moreover, they may also possess better access in some cases.

For years, the military operated under what the military, many members of Congress and national security experts considered restrictive authorities and polices. U.S. officials have detailed instances where domestic authorities and processes may have slowed down operations. The former commander of the joint task force in charge of the anti-ISIS operations described an instance in which they were trying to use non-kinetic capabilities to take out ISIS command posts. While the overall operation was successful, the planning and coordination took weeks. Other officials noted that foreign partners provide unique access or unique capabilities and operate off of different authorities that compliment those of the military.

Those authorities and processes have been streamlined by the executive branch and Congress in recent years.

The documents recommend that Cyber Command establish a memorandum of understanding with allied partners to codify the relationship for deconfliction operations.

This becomes important as other nations have developed advanced offensive cyber capabilities for intelligence and military purposes. The Australians, for example, have detailed the various offensive cyber operations they undertook as part of the global anti-ISIS coalition.

The documents also point to how in 2016 coordination with the interagency — which typically includes intelligence agencies that are also operating in cyberspace for espionage rather than disrupting networks — was too immature to execute operational deconfliction.

The observations, however, point out that recommendations to develop an operational deconfliction script and process had been implemented.

Separate from the after-action review, a 30-day assessment of the operation noted that while the joint interagency coordination process is fairly mature, it has not been flexed to synchronize the speed, scope and scale of Operation Glowing Symphony. It went on to say that those processes were “taxed” and matured.

A 120-day assessment pointed out that deconfliction processes at the time placed unnecessary restrictions on combatant commands’ ability to coordinate cyber operations. If targets had been validated and vetted, the partially redacted portion of the 120-assessment stated, the combatant command should not be prevented from requesting support from Cyber Command.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 29-1-2020 at 03:49 PM

New cybersecurity standards for contractors could be finalized this week

Mark Pomerleau

Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the Cybersecurity Maturity Model Certification (CMMC), told an audience Jan. 28 that she will have the requirements by the end of the month.

The first version of the new cybersecurity requirements the Pentagon wants military contractors to follow could be finalized as soon as Jan. 31.

Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the Cybersecurity Maturity Model Certification (CMMC), told an audience Jan. 28 that she will have the requirements by the end of the month.

The CMMC is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene. Arrington said Jan. 28 that the lowest level will become the default for Department of Defense contracts and will include basic tasks such as changing passwords.

Speaking at an event hosted by the law firm Holland and Knight, Arrington said the new standards won’t be in effect overnight. The auditors and assessors who will grade companies need training and new contracts will be slowly phased in.

“The likelihood that any awards will be made until 2021 [of the certification] is, I would say, highly unlikely,” she said. She noted that companies are not required to have CMMC certification until the time of award. “You have a full year to get yourselves set, to get yourself in position.”

According to one slide in her presentation, all new contracts will have the requirements in fiscal year 2026. Arrington expects 1,500 companies to be certified by the end of 2021.

The requirements are expected to be free of jargon and overly technical language that can often make military documents befuddling.

“I asked if it could be created on an eighth grade reading level. Why? Because I’m not smart and I owned a small business and I fell prey to this,” she said. “I needed it to be in something that anybody could adapt to. We hear companies all the time say my nephew is doing my cybersecurity. I need your nephew to read what I need him to do.”

Arrington promised that the requirement would not become a simple checklist, because if it does “I’ve failed. We failed.”

Moreover, she suggested the framework be reevaluated at least once each year because cyber threats will continue to evolve.
View user's profile View All Posts By User

Posts: 19900
Registered: 13-8-2017
Location: Perth
Member Is Offline

[*] posted on 13-2-2020 at 03:45 PM

How ‘hunt forward’ teams can help defend networks

Mark Pomerleau

8 hours ago

The Pentagon provided funding for equipment for U.S. Cyber Command's so-called hunt forward teams that deploy to other nations and help defend their networks. (Maj. Robert Felicio/Army National Guard)

The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy systems that would help cyber operators perform “hunt forward” missions, where teams deploy to other countries to stop malicious cyber activity.

The Pentagon did not appear to set aside procurement money for the program in fiscal year 2020.

The operations provide U.S. cyber teams insight into tactics used by adversaries that could be turned against U.S. networks or during elections in the future.

The funds are part of the Air Force’s procurement budget for fiscal year 2021 through the “C3/Countermeasures” program. The Air Force serves as U.S. Cyber Command’s executive agent in procuring equipment.

Defense officials view these hunt forward operations as a critical component to protecting the homeland and as part of a new strategy of “persistent engagement,” which is how Cyber Command executes a philosophy of “defend forward” by challenging adversary activities wherever they operate.

"In a hunt forward operation, we are able to work with partner nations and receive an invitation to execute operations in their country,” Brig. Gen. William Hartman, commander of the Cyber National Mission Force and Cyber Command’s election security lead, said at an event in January. “These are generally countries that are in the near abroad of adversaries that we’re potentially concerned about.”

For the second consecutive year, Cyber Command announced in October that it was deploying teams to Montenegro for hunt forward operations. The funds will go toward the hardware and software needed to equip the Cyber National Mission Force teams deploying to other nations.

Air Force research and development funds also help support these missions. Within the cyber operations technology development program, the military plans to spend $22.8 million on joint sensors. Budget documents note that hunt forward operations provided cyber teams access to networks that traditionally within the spheres of influence around Russia, China, Iran and North Korea. U.S. military teams could then “enable defense and impose costs.”

“Hunt Forward kits were delivered across the Cyber Protection Team forces by the Services and provided the means to better assess and defend the DoDIN,” the budget documents state.
View user's profile View All Posts By User

  Go To Top

Powered by XMB 1.9.11
XMB Forum Software © 2001-2017 The XMB Group
[Queries: 16] [PHP: 74.5% - SQL: 25.5%]