Agenda (U)
SOF Information Environment (SIE)
Defensive Cyberspace Operations (DCO) Organization
USSOCOM’s Cross Functional Squad (CFS) Concept
Defensive Cyber Operations Intelligence Center (DCOIC)
Challenges
Outreach
USSOCOM J6
SOF Information Environment
Global Enterprise
Map labels: TNCC SWA, TNCC AFG, TNCC PAC, TNCC Stuttgart, JSOC JNCC
427, 251, 241, 231 - Deployed Nodes
CPT 700, CPT 701, CPT 7XX
Spans from the COCOM HQ to the individual SOF operator in the field
STRATEGIC
1 Global NETOPS Center (SOF GEOC)
2 Distributed Data Centers (DDC)
6 SOCOM Strategic Entry Points (SSEP)
Gateways to SIE from DISN; other Networks
5 Media Ports
Contract supported termination points for SOF tactical systems
OPERATIONAL
4 Theater Network Control Centers (TNCC)
4 Regional Support Centers (RSC)
2 Component Network Operations Centers
115 x Garrison locations at Component and TSOC locations
1 SOCOM Mobile SSEP
TACTICAL
1150+ SOF Deployable Nodes (SDN)
Direct support to Real World, Exercise and Training missions
Map labels: CNCC USASOC, SOF GEOC (DDC2), (DDC1), CNCC AFSOC
LEGEND: Deployed Node, Distributed Data Center, TNCC/CNCC/SSEP RSC, USASOC Node, AFSOC Node
- Aligned NETOPS areas of responsibility: Regional and logical
- TSOC/Component J/G/A 6 responsible and capable to NETOP AOR
- Tiered permissions tied to OU structure to enable AOR control w/out impacting other OU or enterprise
- SOF GEOC: peer w/JDOC TNCCs: SA w/EOCs
Map labels: Fucino, Adelaide, Usingen, Atlanta, Washington
Defensive Cyberspace Operations (DCO) Organization
Organization chart labels: Chief, OPS, DCO Watch, CSIRT, CPT, CFS 1, CFS 2, CFS 3, CFS 4, CFS 5, Counter Measures, Defensive Systems, HBSS Server, HBSS Client, BlueCoat, SPLUNK, FireEye, DCOIC, Deputy
J635
UNCLASSIFIED/FOUO
USSOCOM’s Cross Functional Squad (CFS) Concept
Leadership Element MOS
Team Lead (O-3) 602
Platoon SNCOIC (E-8) 699
Operations Officer (Civ) 2210
Network Cyber Planner (CWO2) 650
Cross Functional Squad Explained
The Cross Functional Squad (CFS) concept was created to
ensure we maintain a well rounded, fully capable, flexible team
with the ability to rapidly respond to and execute synchronized
Defensive Cyber Ops for the SIE.
“Trust can’t be surged” and the trust established via the
“habitual relationship” developed between the CFS and their
TSOCs and components will result in superior mission efficacy.
There are 7 members per team with each team representing the full
range of CPT capabilities. The intent is to have each squad
represented and to maintain an even balance of capability across each
team.
Leadership personnel will not fall under the CFS model. Rather, they
form their own element.
Intel Analysts
CFS 1 MOS
CND Manager 0689
Network Infrastructure Specialist 2210
Systems Architect 0689
Systems Architect 2210
Close Access Network Operator 2210
Interactive Operator 0651
All-Source Intelligence Analyst 0231
CFS 2 MOS
CND Manager 0689
Network Infrastructure Specialist 2210
Systems Architect 0689
Systems Architect 2210
Close Access Network Operator 2210
Cyber Security Analyst 0689
All-Source Intelligence Analyst 0132
CFS 3 MOS
CND Manager 0689
Network Infrastructure Specialist 0689
Systems Architect 0689
Systems Architect 2210
Interactive Operator (ION) 0651
Cyber Security Analyst 0689
All-Source Intelligence Analyst 0231
CFS 4 MOS
CND Manager 0689
Network Infrastructure Specialist 0689
Systems Architect 0689
Systems Architect 2210
Close Access Network Operator 2210
Interactive Operator (ION) 0689
All-Source Intelligence Analyst 0231
CFS 5 MOS
CND Manager 0689
Network Infrastructure Specialist 2210
Systems Architect 0689
Systems Architect CTR
Interactive Operator (ION) 0689
Cyber Security Analyst 0689
All-Source Intelligence Analyst 0132
Due to training, PCS, TDY, etc., we expect that only 4 CFS will be operational simultaneously.
DCOIC MOS
All-Source Intelligence Analyst 0231
All-Source Intelligence Analyst 0132
All-Source Intelligence Analyst 0231
All-Source Intelligence Analyst 0231
All-Source Intelligence Analyst 0132
Commercial Cyber Intel Analyst 3 CTR
The intel analysts are dual-hatted as both
CFS members and as part of the core
capability in the Defense Cyber
Operations Intel Cell (DCOIC). The intel
analysts will have seats in both the
DCOIC and the GEOC.
UNCLASSIFIED
DCOIC
Goal: Provide and facilitate timely cyberspace intelligence support to USSOCOM Cyber Operations.
Functions: Generate SOCOM-specific RFIs, analyze reports for relevance to SOF networks, recommend mitigations, produce reports on SOF incidents or activities impacting SOF networks, understand and replicate adversary TTPs, cue SOF CND to adversary actions.
LNOs: FBI, CIA, NSA
Component & TSOC J2s
CPT Intel Analysts
SOCOM J2
JCC Intel Analysts
MARFORCYBER J2
CYBERCOM J2
JFHQ-DODIN J2
DISA GNSC
NTOC
Open Source
JFHQ-Cs
Provide fused, proactive, and actionable intelligence on adversary actions targeting SOF, to determine the “so what” in order to provide mission assurance for our commanders
Industry
Challenges
Rapid analytics of massive amounts of data
Combating lateral movement in a network optimized for operations
Continuous education and training of the cyber workforce / new blood
Implementing systems that are intuitive to the analyst
Ex: Data visualization of PCAP data
Detection based on behavioral heuristics vice known signatures
Proactive vice Reactive
Obsolete acquisition – need to leverage new capabilities like Other Transaction Authorities (OTA)
Maintaining an operational warfighting network while the enemy is inside the wire until we can extricate them – can’t afford to isolate ourselves
Outreach
Sponsoring a Secure Cyber Research Facility with the University of South Florida (USF) to advance cyber research capability
Internships to improve the cyber workforce
Connecting with the Florida Cyber Center – influencing curriculum
Support AFCEA Pelican chapter with a Cyber Outreach Program at local high schools
Building synergistic Computer Network Defense (CND) capacity in the Tampa area