Defense Enterprise Cyber Range Environment Command and Control Information Systems (DECRE C2IS)
International Test and Evaluation Association
7 March 2018
DECRE C2IS Road to Here
• Feb 2013: DOT&E asked JS J6 to lead efforts to integrate “range” capabilities to build an operationally realistic representation of a CCMD’s networks, C2 systems & process…to support testing, training & development of cyber capabilities.
• Over the past 4 years DECRE C2IS partners have conducted 28 two/three-week events in the closed environment of the cyber range.
• 2013-2014: Focused on air & missile defense systems in NORAD-NORTHCOM. Discovered C2 system vulnerabilities and implemented exercise cyber effects.
• 2015: Continued NORAD-NORTHCOM focus – expanded to include EUCOM. Incorporated AEGIS weapons system and Missile Defense C2 systems, and demonstrated real time data feed from CCMD exercise to the range.
• 2016: Supported USPACOM with a series of cyber training and mission rehearsal events in preparation for Exercise PACIFIC SENTRY 16-2 and 16-3. In house V&V of ability to support GCCS-J test.
• 2016-2017: Built a SECRET//REL FVEY environment to support USPACOM and Australian Defense Force training & mission rehearsal for TALISMAN SABER 17.
• 2017: Restored the SECRET//NOFORN environment to train USPACOM and USTRANSCOM CPTs and USPACAF Mission Defense Teams.
DECRE C2IS Partners
Realistic cyber environment to support vulnerability assessments, cybersecurity testing and warfighter training
462 SQN Adelaide, AUS
DCOT
TSMO Huntsville, AL
Red Team
NIOC Norfolk, VA
Red Team
CCMD CPT CWIC,
Camp Smith, HI
CPT
613TH AOC MDT Hickam AFB, HI
MDT
C5AD Suffolk, VA
C2 Systems/Data
CDSA-USS Secure Dam Neck, VA
Navy Labs
Ship C2 Systems
46 TS Eglin AFB, FL
C2 Systems/Data
DODIN CPT Ford Island, HI
CPT
57 IAS Nellis AFB, NV
Red Team
DCSR Stafford, VA
Network Infrastructure/Services
JMN Huntsville, AL
Data Transport
JIOR Norfolk, VA
Data Transport
RSDPs: Huntsville, AL; Pax River, MD
Network Infrastructure
Traffic Gen/Services
Subject to Cyber Effects
MDA Schriever AFB, CO
BMD Systems
NCR Orlando, FL
Network Infrastructure/
Services
NCRC
747TH CS MDT Hickam AFB, HI
MDT
673TH CS MDT Elmendorf, AFB, AL
MDT
CCMD CPT Scott AFB, IL
CPT
AOC: Air Operations Center
BMD: Ballistic Missile Defense
C5AD: C5 Assessments Division
CCMD: Combatant Command
CDSA: Combat Direction Systems Activity
CS: Communications Squadron
CWIC: Cyber War Innovation Center
DCOT: Defensive Cyber Operations Team
DCSR: DoD Cyber Security Range
DODIN: DoD Information Network
IAS: Information Aggressor Squadron
JIOR: Joint Information Operations Range
JMETC: Joint Mission Environment Test Capability
JMN: JMETC MILS Network
MDA: Missile Defense Agency
MDT: Mission Defense Team
NCR: National Cyber Range
NCRC: National Cyber Range Complex
NIOC: Navy Information Operations Command
RSDP: Regional Service Delivery Pt
TS: Test Squadron
607 AOC MDT Osan AFB, ROK
CPT
USN CPT Yokosuka Naval
Base, JP
CPT
2018
Concepts Underlying DECRE C2IS Cyber Range
Create an operational environment in which Blue Force Players, C2 systems and networks, and Red Teams can interact in a realistic manner
Integration of real C2 system & networks and virtual C2 systems & networks, NIPR & SIPR (Focused on JOC, MOC, AOC, JFLCC)
Integration of recorded exercise data or real time data from exercises to drive C2 data play
Integration of instrumentation to quantify system performance, survivability and mission impacts
Integrate training of network operators and defenders, Enterprise Operations Centers (EOC), Cyber Security Service Providers (CSSP), and Cyber Mission Force operators and systems
DECRE C2IS Activities and Capabilities
Activities
• Training
• Mission Rehearsal
• Capability Development
• Experimentation
• Testing
Current Capabilities
• Persistent SECRET NOFORN Environment
• Persistent SECRET REL (FVEY) Environment
• JIOR and JMN interconnected, 220+ nodes
• Integrated Planning Team / White Cell
• Joint CCMD architecture
• Emulates Base/Post/Camp/Stations interconnected by DODIN
• NIPRNet and SIPRNet
• Traffic emulation for NIPR/SIPR & C2 systems
• Cyber defenders install/configure own Cyber Defense Applications/Sensors/Rule Sets
• Network Operations Monitoring and Analysis with SOLARWINDS and RIVERBED
• Daily After-Action Review Capability (Ground Truth for Testing and Training)
• Scenario & Traffic Playback J7 M&S Federation (3 recorded CCMD exercises in hand, 4 more by April 2018)
DECRE C2IS Footprint
DECRE C2IS (Example)
(Site A) JFACC/AOC
(Site B) CCMD JOC
(Site C) JFMCC/MOC
(Site D) JFLCC
(Site E) External Interface
DISA IAP
Internet
Command & Control Systems and Supporting M&S
AOC Weapon System Critical C2 Systems (example)
AOC 10.1 Baseline
Services: Air Operations Net; Core Services; Defense Message System; Geospatial Product Library; Global Broadcast System-IP; InfoWorkSpace; NSA Threat Warning Network; Predator Video
Infrastructure: AOC Comm Enhancement Pkg; AF Tactical Receive Suite; Boundary Security System*; C2 Wpn Sys Part Task Trainer; Core Infrastructure (e.g., routers, network apps); Cross Domain Solutions; Deployable Transit-case System; Jt Air Defense System Integrator; Precision Lightweight GPS Rcvr
Web-Based Tools: Global Transportation Network; INTELINK and INTELINK-S* Requirement Mgmt System
Mission Applications: Army Battlefield Control System; C2 Info Processing System; C2 Personal Computer; C2 Common Client; Collection Mgmt Mission Applic’n; Combat Survivor Evader Locator; DoD Intel Support System; Generic Area Limit’n Envrnmt Lite; Global Cmd & Control System - I3; Global Cmd & Control System - J; Global Decision Support System; GPS Interference & Navigation Tool; Imagery Product Library; Info Warfare Planning Capability; Interim Targeting Solution; Joint Air & Ground Station; Joint Auto Deep Ops Coord System; Joint Targeting Toolkit; Joint Weather Impact Server; MAAP Tool Kit; CSAR C2 Software; Planning & Decision Aid Station; Portable Flight Planning System; Process’g & Displ Subsys Migrat’n; Space Battle Mgmt Core System; Target Application Workstation; Theater Battle Mgmt Core System; Weapons System Video
M&S Capabilities in DECRE C2IS Cyber Range
BLUE GROUND LOTS WS
BLUE NAVAL LOTS WS
BLUE AIR LOTS WS
C2 SYSTEMS
Low Overhead Training System (LOTS): Joint Staff J7 GOTS software application designed to stimulate C2 Systems when simulation of forces is not needed
Joint Simulation Protocol Analyzer (JSPA): Logs all exercise simulation traffic
C2 Networks (OTH-Gold / TADIL / USMTF / FDL)
HLA / DIS / TENA Networks
JRC JSPA LOTS
JMECS JAWS VRSG JMEM
JS J7 JLVC Federation
Record on SIPRNET and Play-back C2/M&S in DECRE C2IS (JIOR)
LARIAT MIT-Lincoln Labs (MIT-LL): Emulates users performing real tasks, with real applications, e-mail, browsing, chat of from to a million physical hosts.
Cross Domain Solution (Controlled Interface)
Radiant Mercury
USEUCOM / USAREUR
EUCOM AC15 C2/M&S Track Feeds to DECRE
DECRE C2IS Environment, Suffolk, VA
Joint MSEL and Exercise Control Station (JMECS): C2 Stimulation and MSEL Management
Live feed
DECRE C2IS Footprint for US/AUS Training and Mission Rehearsal
Sites shown on the map:
• Cyber Security Range, Stafford
• Joint IO Range, Norfolk
• C4 Assessment Division, Suffolk
• Navy Combat Systems Direction Activity, Dam Neck / Virginia Beach
• Red Team, Sandia National Labs, Albuquerque
• Air Force Red Team, 57 IAS, Nellis AFB
• Navy Red Team, Navy IO Command, Norfolk
• Test Resource Mgmt Center, JMETC MILS Network Point, Redstone
• 46 Test Squadron, Eglin AFB
• Army Red Team, Threat Systems Mgmt Office, Redstone
• USPACOM Cyber Protection Team, Cyber War Innovation Center, Camp Smith
• Cyber Defense Flight, 613 AOC, Hickam AFB
• 462 Squadron, RAF Edinburg
• Defence Network Operations Centre, Canberra
Map regions: Hawaiian Islands; Australia; CONUS
Map legend: Range/Capability Provider; Cyber Defender; OPFOR Red Team
Distances shown: 9,800 miles; 5,700 miles; 9,900 miles; 4,400 miles
Objectives
• Support PACOM DCO training, Cyber C2 CONOPS & TTP development
• Build the US/AUS Environment on the range in preparation for TS17 – Work through issues of integration, interoperability and survivability.
Red/Blue Team Observations
• July 2017 (PACOM TS17 Cyber FTX)
• On a scale of 1-10 with 10 being real, how representative of a CCMD network is the DECRE C2IS?
  • 613th AOC Mission Defense Team – 7 (by design due to REL-FVEY)
  • 501 CPT, AOC defense mission – 8
  • 462 SQDN DCOT, Australian AOC cyber defense team – 8
  • 500 CPT, PACOM JOC defense mission – 8
  • 46th Test SQDN, AOC system provider – 7 (by design due to REL-FVEY)
  • TSMO, US Red Team – 4 (need for more systems and traffic) (previous event was 8)
• This was a PACOM/Australia SECRET REL FVEY environment involving combined US/Australian Blue and Red Teams attacking and defending a JOC and AOC.
  – “Network traffic replicated real world well, making it challenging to pinpoint the Red Team” (501CPT)
  – 1st time US and REL FVEY partner have jointly defended and attacked C2 systems
Focus and Challenges
Near Term Focus:
• More: C2 systems, enclaves, system operators, MDTs, CPTs, and CSSPs
• Persistent unclassified and classified environments (NIPR, SIPR, REL FVEY)
• PKI, DEE, Dynamic Web Services, Dynamic SharePoint, LARIAT supplement
• Build cloud computing environment (Web services to host TRANSCOM)
• Support to C2 cyber testing and assessment
Challenged by: (working with JMETC and TENA to address)
• Persistence
• Event management functions (OPFOR, Scenario, White Cell) (TENA)
• Automated threats
• Automated configuration tools for creation, restoration and re-use (TENA)
• Instrumentation to quantify Red and Blue team actions and effectiveness of tools and response actions (TENA)
DECRE C2IS FY 18 Schedule
As of 8 Feb 2018
[Schedule chart; timeline axis runs Sep 17 to Oct 18]
Chart row labels: USPACOM & USTRANSCOM Cyber Mission Rehearsal and Training; Other Known / Expected Events
Events and dates shown on the chart:
• DECRE 18-2: 26 Feb - 16 Mar
• BQ 18-1: TBD
• PS/KE 18-2: 26 Jan-2 Feb
• PS 18-3: 6-24 Aug
• RF 18-1: 22 Jan-9 Feb
• RF 18-2: 16-27 Jul
• CSR MX: 2-7 Jan
• BQ 17-2: 2 Oct-3 Nov
• Engineering: 11-29 Sep
• DECRE 18-1: Eng 6-9 Nov, EX 13-17 Nov
• TC/UG/VS 18: 30 Oct – 7 Nov
• C5AD MX: 20 Nov-12 Jan
• TC/UG/VS 19: TBD Oct
• DECRE 19-1: TBD
• DECRE 18-3: 9 - 27 Apr
• DECRE 18-4: 4 - 22 Jun
• DECRE 18-5: 30 Jul - 17 Aug
• CG / CF 18: 4-8 Jun
• 18-29 Jun
• DISA Defender: 10-14 Sep
• CSR MX: 3-8 Apr
• CSR MX: 3-8 Jul
• CSR MX: 2-7 Oct
• Black Demon: 16 Apr-7 May
H - Marks Holidays
2017: Labor 4 Sep; Columbus 9 Oct; Veteran’s 10 Nov; Thanksgiving 23 Nov; Christmas 25 Dec
2018: New Year 1 Jan; MLK 15 Jan; Pres B-Day 19 Feb; Memorial 28 May; Independence 4 Jul; Labor 3 Sep
DECRE 18-1 Objectives:
• Establish S//NF environment for FY 18 CCMD Support
• Deploy JIOR nodes for current / future operations
• NIPR & SIPR enclaves; NIPR Internet Access Point
• Define requirements for TENA support / integration
• Conduct Red & Blue Team environment assessment
• Exercise CPT defensive actions
DECRE 18-2 Objectives:
• S//NF Support mission rehearsal /training for CCMD CPTs & PACAF MDTs
• Robust & refine traffic generation capabilities
• Improve OPFOR planning & threat presentation
• Exercise CPT & MDT defensive actions / TTPs
• Integrate TENA Event Management Capabilities
DECRE 18-3 Objectives:
• S//NF Support mission rehearsal /training for CCMD CPTs & PACAF MDTs
• Integrate 46 TS AOC enclave
• Exercise CPT & MDT defensive actions / TTPs
• Begin Integration of PKI Capabilities
• Integrate TENA Visualization/Event Mgmt capabilities
• Deploy 128T (MTU mitigation) capabilities
DECRE 18-4 Objectives: TBD
• Establish US/ROK S//REL ROK Cyber Range
• Host Event environment in PACOM RSDP
• Enable US/ROK information sharing
DECRE 18-5 Objectives:
• S//NF Mission rehearsal support for CPTs & AOC MDTs in PACOM AOR
• S//NF Mission rehearsal for USTC CSSP & CPT
• Exercise CSSP, CPT and User defensive actions
• Improve USTC and JFCC enclaves
• Add additional mission systems
• Deploy Military Sealift CMD ship (USS Secure)
Points of Contact
Gregory Curth, Joint Staff J6, C5AD, (757) [email protected]
Randy Coonts, Joint Staff J6, C5AD, (757) 203-5714
Roderick Hallum, Joint Staff J6, C5AD, (757) 203-5714