17 November 2017

4 priorities for DoD’s cyber defense arm

By: Mark Pomerleau 

Joint Force Headquarters-DoD Information Networks, or JFHQ-DoDIN, acts as Cyber Command’s defensive operational arm, providing global defense, command and control and synchronization of the DoDIN. Rear Adm. Kathleen Creighton, JFHQ-DoDIN’s deputy commander, who assumed the position in August, provided some insights into what her organization is working on during a keynote Nov. 14 in Arlington at the Defense Systems Conference.

Creighton explained that JFHQ-DoDIN is coming up on three years as an organization, and while they still have some work to do, they will reach full operational capability in January.

They’re still building, learning and staffing, she said, adding they are taking on additional missions and task as they mature.

JFHQ-DoDIN’s FOC is different from that of the cyber mission force for Cyber Command, slated to hit this mark by the end of September 2018, the previous deputy told C4ISRNET in January.

Planning cells at combatant commands

One of the priorities for the next year, Creighton explained, is to provide capability forward within the combatant commands to assist commanders with cyber defense planning.

Cyber Command has stood up forward-deployed planning cells within the combatant command staffs to help better coordinate offensive and defensive cyber effects, potentially leading to a cyber component command much like combatant commands have air and ground component staffs resident forward to coordinate effects in support of commander objectives.

These staff members will be integrated into combatant command planning, providing defensive experts who are forward, Creighton told Fifth Domain following her presentation.

Employment of defensive cyber teams

Adm. Michael Rogers, commander of Cyber Command, has equated cyber teams and cyber capabilities to intelligence, surveillance and reconnaissance assets, noting high demand, low density assets must be centralized and prioritized.

Creighton said they are working on how to deploy and prioritize cyber protection teams developing better processes for putting CPTs on terrain. CPTs are the defensive cyber mission force teams that act as quick reaction forces, of which JFHQ-DoDIN has six.

When CPTs first started coming online, often times “who ever raised their hand” received a CPT to put on some terrain because they were just starting out and just developing their capabilities, she said. “Now we recognize high demand, low density force needs to be apportioned like that, so we’re maturing that process.”

Cyber COP

Creighton also discussed the components of a cyber common operational picture that might be important from a defensive cyber perspective.

Cyber Command is currently working to build the Military Cyber Operations Platform, the warfighting platform used by the cyber mission force to conduct Title 10 warfighting missions.

On the JFHQ-DoDIN side, she said, they recognize the need for blue force tracking in cyberspace. Deconfliction and tracking of friendly forces in cyberspace is something of great importance to offensive teams, as well, given how confusing network operations can be. Deconfliction can prevent blue forces from competing against each other at the same objective.

CPTs need to be tracked in terms of what terrain are they operating on as well as what missions are they focused, Creighton said. They’re working that with Cyber Command, Joint Staff and others to figure out how to leverage current systems and programs, telling Fifth Domain this is integrated with Cyber Command’s MCOP effort.

“The most important thing is interoperability between all these different COPs,” she said, adding they want to guard against stovepiped systems.

No comments: