28 October 2017

US Defence Cyber Strategy - Present Status

In April 2015 the US Department of Defense published its cyber strategy. The 33-page document sets out five strategic goals, ranging from workforce and human capital development to full integration of cyber capabilities into military operations and deterrence. The purpose of the Department of Defense Cyber Strategy was to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture. It focused on building cyber capabilities and organizations for DoD's three cyber missions:

Defend DoD networks, systems, and information;

Defend the United States and its interests against cyberattacks of significant consequence;

Provide integrated cyber capabilities to support military operations and contingency plans.

The strategy sets five strategic goals and establishes specific objectives for DoD to achieve over the next five years and beyond. The five strategic goals for its cyberspace missions are:

Build and maintain ready forces and capabilities to conduct cyberspace operations;

Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions;

Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence;

Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages;

Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.

Among DoD’s cyber personnel and forces, the Cyber Mission Force (CMF) has a unique role within the Department. Once fully operational, the CMF will include nearly 6,200 military, civilian, and contractor support personnel from across the military departments and defense components.

Cyber Mission Force. 133 teams by 2018. State and non-state actors threaten disruptive and destructive attacks against the United States and conduct cyber-enabled theft of intellectual property to undercut the United States' technological and military advantage. DoD must develop its cyber forces and strengthen its cyber defense and cyber deterrence posture.

National Mission Teams. 13 teams. Defend the United States and its interests against cyberattacks of significant consequence.

Cyber Protection Teams. 68 teams. Defend priority DoD networks and systems against priority threats.

Combat Mission Teams. 27 teams. Provide support to Combatant Commands by generating integrated cyberspace effects in support of operational plans and contingency operations.

Support Teams. 25 teams. Provide analytic and planning support to the National Mission and Combat Mission teams.

Present Status

Of the four types of teams that make up the cyber mission force — the 133-team cadre of cyber warriors the four service branches provide to U.S. Cyber Command — cyber protection teams (CPTs) serve as the quick reaction defensive force responding to network intrusions. Each 39-member CPT is broken into four sections.

The first is a headquarters section, which handles the administrative side of managing and running the team and also does part of the planning in preparation for a mission.

Next come two mission elements and a support element. Each element has the same personnel and equipment, so elements are interchangeable and can be pushed out on separate missions if required.

The difference between a cyber protection team and a network operator or local administrator is that “at the end of the day they hunt for adversaries. They're looking for someone who does not want to be found in our network, and that is a core skill that we train in our cyber protection teams.”

CPTs can be thought of as quick reaction forces to assist local owners and are not meant to remain on the network for an extended duration.

Army CPTs have a broad range of missions. These include assisting network owners or local defenders, educating them on CPT capabilities, trying to leave the network in a much more defensible position, training, and vulnerability assessment.

The network operators have a difficult job: they are on call 24/7 and focused on vulnerabilities. CPTs show up for a short duration with a threat focus and help them close the gaps relevant to that particular threat. When they show up, they bring their own kit, which includes hardware (server stacks), software and sensors. These kits provide teams with multiple tools, including network assessment equipment; host forensics equipment, allowing them to look at the entire network as well as specific workstations; rudimentary defense mechanisms; plus a substantial amount of storage and a comprehensive amount of computational power.

This combination lets them flexibly assemble tools on the fly from their repository, tailoring the exact setup to the mission. The kits are standardized across the cyber protection brigade and for Army Cyber.

CPTs can reconfigure their kits on the fly if need be. “When we do that mission analysis ... and think through what capabilities we need to bring to bear based on the network we're working on and based on the adversary we need to be hunting, we can set those capabilities up ahead of time so we can hit the ground running. It also gives us the capability to reconfigure it on the fly, so if we do hit the ground and the network may not be what it was supposed to be … we can reconfigure on site to again bring different capabilities to bear.”

These kits also have internal defenses that prevent them from becoming infected when plugged into compromised networks. “While we do connect our kit directly to the network, we have defenses on it to ensure we ourselves don't get exploited if the adversary is still on the network.”

Across the joint force, however, each service has a different type of kit, even though CYBERCOM has produced a standard requirements document that sets the baseline requirements all kits must meet.

This brings me to the question: where are we? People involved with cyber in the services can perhaps correlate. Four years back the then Prime Minister announced the creation of a cyber command. The present Government has also reiterated the same. It is still not on the ground. There are a host of issues which need immediate attention. I have tried to highlight those in a paper submitted to VIF for publication. Hope it sees the light of day.

More of cyber in my later papers.
