
USSOCOM Satellite Operations - AFCEA International · 2017. 7. 28.


  • Agenda (U)

    - SOF Information Environment (SIE)
    - Defensive Cyberspace Operations (DCO) Organization
    - USSOCOM’s Cross Functional Squad (CFS) Concept
    - Defensive Cyber Operations Intelligence Center (DCOIC)
    - Challenges
    - Outreach

  • USSOCOM J6

    SOF Information Environment: Global Enterprise

    Spans from the COCOM HQ to the individual SOF operator in the field

    STRATEGIC
    - 1 Global NETOPS Center (SOF GEOC)
    - 2 Distributed Data Centers (DDC)
    - 6 SOCOM Strategic Entry Points (SSEP)
      Gateways to SIE from DISN; other Networks
    - 5 Media Ports
      Contract supported termination points for SOF tactical systems

    OPERATIONAL
    - 4 Theater Network Control Centers (TNCC)
    - 4 Regional Support Centers (RSC)
    - 2 Component Network Operations Centers
    - 115 x Garrison locations at Component and TSOC locations
    - 1 SOCOM Mobile SSEP

    TACTICAL
    - 1150+ SOF Deployable Nodes (SDN)
    - Direct support to Real World, Exercise and Training missions

    - Aligned NETOPS areas of responsibility: Regional and logical
    - TSOC/Component J/G/A 6 responsible and capable to NETOP AOR
    - Tiered permissions tied to OU structure to enable AOR control w/out impacting other OU or enterprise
    - SOF GEOC: peer w/JDOC TNCCs: SA w/EOCs

    [Map figure. Labels: TNCC SWA, TNCC AFG, TNCC PAC, TNCC Stuttgart, JSOC JNCC, CNCC USASOC, CNCC AFSOC, SOF GEOC (DDC2), (DDC1); figures 427, 251, 241, 231 beside "Deployed Nodes"; CPT 700, CPT 701, CPT 7XX; sites Fucino, Adelaide, Usingen, Atlanta, Washington. Legend: TNCC/CNCC/SSEP, RSC, Distributed Data Center, Deployed Node, USASOC Node, AFSOC Node.]

  • Defensive Cyberspace Operations (DCO) Organization

    [Organization chart. Box labels: Chief, Deputy, OPS, DCO Watch, CSIRT, CPT, CFS 1, CFS 2, CFS 3, CFS 4, CFS 5, Counter Measures, Defensive Systems, HBSS Server, HBSS Client, BlueCoat, SPLUNK, FireEye, DCOIC.]

  • J635 UNCLASSIFIED/FOUO

    USSOCOM’s Cross Functional Squad (CFS) Concept

    Leadership Element                     MOS
    Team Lead (O-3)                        602
    Platoon SNCOIC (E-8)                   699
    Operations Officer (Civ)               2210
    Network Cyber Planner (CWO2)           650

    Cross Functional Squad Explained

    The Cross Functional Squad (CFS) concept was created to ensure we maintain a well rounded, fully capable, flexible team with the ability to rapidly respond to and execute synchronized Defensive Cyber Ops for the SIE.

    “Trust can’t be surged” and the trust established via the “habitual relationship” developed between the CFS and their TSOCs and components will result in superior mission efficacy.

    There are 7 members per team with each team representing the full range of CPT capabilities. The intent is to have each squad represented and to maintain an even balance of capability across each team.

    Leadership personnel will not fall under the CFS model. Rather, they form their own element.

    Intel Analysts

    CFS 1                                  MOS
    CND Manager                            0689
    Network Infrastructure Specialist      2210
    Systems Architect                      0689
    Systems Architect                      2210
    Close Access Network Operator          2210
    Interactive Operator                   0651
    All-Source Intelligence Analyst        0231

    CFS 2                                  MOS
    CND Manager                            0689
    Network Infrastructure Specialist      2210
    Systems Architect                      0689
    Systems Architect                      2210
    Close Access Network Operator          2210
    Cyber Security Analyst                 0689
    All-Source Intelligence Analyst        0132

    CFS 3                                  MOS
    CND Manager                            0689
    Network Infrastructure Specialist      0689
    Systems Architect                      0689
    Systems Architect                      2210
    Interactive Operator (ION)             0651
    Cyber Security Analyst                 0689
    All-Source Intelligence Analyst        0231

    CFS 4                                  MOS
    CND Manager                            0689
    Network Infrastructure Specialist      0689
    Systems Architect                      0689
    Systems Architect                      2210
    Close Access Network Operator          2210
    Interactive Operator (ION)             0689
    All-Source Intelligence Analyst        0231

    CFS 5                                  MOS
    CND Manager                            0689
    Network Infrastructure Specialist      2210
    Systems Architect                      0689
    Systems Architect                      CTR
    Interactive Operator (ION)             0689
    Cyber Security Analyst                 0689
    All-Source Intelligence Analyst        0132

    Due to training, PCS, TDY, etc., we expect that only 4 CFS will be operational simultaneously.

    DCOIC                                  MOS
    All-Source Intelligence Analyst        0231
    All-Source Intelligence Analyst        0132
    All-Source Intelligence Analyst        0231
    All-Source Intelligence Analyst        0231
    All-Source Intelligence Analyst        0132
    Commercial Cyber Intel Analyst 3       CTR

    The intel analysts are dual-hatted as both CFS members and as part of the core capability in the Defense Cyber Operations Intel Cell (DCOIC). The intel analysts will have seats in both the DCOIC and the GEOC.

  • USSOCOM J6 UNCLASSIFIED

    DCOIC

    Goal: Provide and facilitate timely cyberspace intelligence support to USSOCOM Cyber Operations.

    Functions:
    - Generate SOCOM specific RFIs
    - Analyze reports for relevance to SOF networks
    - Recommend mitigations
    - Produce reports on SOF incidents or activities impacting SOF networks
    - Understand and replicate adversary TTPs
    - Cue SOF CND to adversary actions

    Provide fused, proactive, and actionable intelligence on adversary actions targeting SOF, to determine the “so what” in order to provide mission assurance for our commanders

    [Diagram of DCOIC intelligence sources. Labels: LNOs: FBI, CIA, NSA; Component & TSOC J2s; CPT Intel Analysts; SOCOM J2; JCC Intel Analysts; MARFORCYBER J2; CYBERCOM J2; JFHQ-DODIN J2; DISA GNSC; NTOC; Open Source; JFHQ-Cs; Industry.]

  • Challenges

    - Rapid analytics of massive amounts of data
    - Combating lateral movement in a network optimized for operations
    - Continuous education and training of the cyber workforce / new blood
    - Implementing systems that are intuitive to the analyst
      Ex: Data visualization of PCAP data
    - Detection based on behavioral heuristics vice known signatures
    - Proactive vice Reactive
    - Obsolete acquisition – need to leverage new capabilities like Other Transaction Authorities (OTA)
    - Maintaining an operational warfighting network while the enemy is inside the wire until we can extricate them – can’t afford to isolate ourselves

  • Outreach

    - Sponsoring a Secure Cyber Research Facility with the University of South Florida (USF) to advance cyber research capability
    - Internships to improve the cyber workforce
    - Connecting with the Florida Cyber Center – influencing curriculum
    - Support AFCEA Pelican chapter with a Cyber Outreach Program at local high schools
    - Building synergistic Computer Network Defense (CND) capacity in the Tampa area