Shaping Cyberspace for Our Advantage Randy Cieslak Chief Information Officer 12 November 2013 1
Shaping Cyberspace to Our Advantage 1. Understanding Cyberspace 2. Characterizing Cyberspace 3. Using Cyberspace 4. Protecting Cyberspace using Risk Management 5. Protecting Cyberspace through the Information Assurance Framework 6. Suggestions, Solutions and Our Way Ahead 2
Understanding Cyberspace “Gimme some of that cyber stuff” “Release the cyber forces!” 3
Cyber – Historical Background • Cyber: Greek: steersman, pilot, helmsman; to steer, guide, govern, governor • Used today as the short term for “cybernetics” which means: – The science or study of communication in organisms, organic processes, and mechanical or electronic systems. • Coined by U.S. mathematician Norbert Wiener (1894-1964) who hypothesized that there is a similarity between the human nervous system and electronic machines. • In his book, Neuromancer (1984), science fiction writer William Gibson (b. 1948) presents the idea of global information network called the Matrix, and the term Cyberspace, by which he meant a virtual reality simulation with a direct neural feedback. – During the years since Gibson wrote Neuromancer, other names have been created for that shadowy space where computer data exist: the Internet, the Net, the Web, the Cloud, the Matrix, the Metaverse, the Datasphere, the Electronic Frontier, and even the Information Superhighway. – Gibson’s coined term may be the most lasting because by 1989 it was borrowed by the online community to describe today’s interconnected computer systems; especially, the millions of computers on the Internet, and not just a science-fiction fantasy in the author’s imagination. 4 Source: WordInfo.info, Senior Scribe Publications under normal fair use exceptions.
Cyberspace Definitions • Cyberspace : the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people. National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD23) • Cyberspace Operations: The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid. JP 1-02 5
Cyberspace Definitions (continued) • Cybersecurity Polic y: The strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure. White House Cyberspace Policy Review, June 2009 6
Characterizing Cyberspace “Information Technology and Cyber are different.” Huh? 7
UNCLASSIFIED//FOUO Cyber / Infostructure Modernization Approach 1. Framework to capture efforts 2. Objectives, guidelines and principles to map efforts to the framework 3. Solutions to meet the requirements from the objectives 4. Architecture that maps the solutions to implementation 5. Plans to implement the solutions 6. Projects to execute the plan 7. Infostructure (Information Infrastructure) Info to provide capability services 8. Services to provide and enable capabilities 9. Capabilities to accomplish the mission 10. Mission to support and protect our national interests 8
USPACOM C2/CS Architecture Framework Based on the Information Services Reference Model Strengthen Cooperative Security Reduce Violent Deter Robust Military Deter Military Relationships Arrangements Extremism Adversaries from Capability Aggression Protect the Homeland STRATEGIC LAYER using WMDs Make Sound Provide / Monitor Plan Exchange Maintain SA / Decisions Obtain Execution Situational Strategic Replan as Allocate Authorities Information Based on OPERATIONS LAYER Direction Necessary Forces (JTF) ADM Willard’s C2 Cycle Information Retrieval Operational Logic Data Sourcing Information Conditioning Presentation & Content Discovery / People Business Rules Timely and Accurate Common formatting and tagging Knowledge Management Discovery / Service Discovery Dashboards INFORMATION CONTENT LAYER Mediation Rendering information for mental consumption Command & Control Battlespace Awareness Force Application Protection Building Partnerships Common Applications GCCS / NECC IntelLink / Intelipedia BMD / JADOCS Corporate TSCMIS / APAN File / Print / Share / E-Mail / Web / Chat / NetCentric Logistics Management Office Automation / AMHS /GPS / Force Management APPLICATIONS LAYER GCSS Voice / Video / Collaboration & Support NCES/DCO/CyberDefense Network Boundary Physical Vulnerability Identification & Incident Personnel Information Enclave Mgt. Defense Enclave Mgt. Mgt. Authentication Mgt. Education & Conditioning & Awareness INFORMATION ASSURANCE LAYER Control Authorization & Continuity Privilege Mgt. of Ops. (BACKPLANE) Tactical POTS JWICS NSANet CENTRIXSs NIPRNET SIPRNET DVS-G Link 11 Link 16 DSN VPNs NETWORKING & ENCLAVING LAYER TADIL-A TADIL-J Internet Space LOS/BLOS Radio Wireless Mobile Phone / IP Data Terrestrial / Undersea Commercial Military Undersea Cabling Area Cable Plants INMARSAT UHF WiFi GSM EVDO DSCS AEHF EHF-LDR TSAT VHF HF TMR LMR WIMAX Defense Data Transport Services CWSP Iridium TELECOMMUNICATIONS LAYER WGS EHF-MDR GBS UHF JTRS BBS Commercial Data Transport Services Unattended Autonomous Vehicles Space Sensors Weapon Platforms Cyber Sensors Overhead Sensors SENSORS ACTUATORS & COMPUTING LAYER Undersea Sensors SENSOR & ACTUATOR LAYER Ground Sensors USAF-Led Army-Led JTF JTF Navy-Led Agency-Led JTF JSOTF USMC-Led JTF JTF UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO Cyber Discussion Framework Dimensions of Cyberspace Lines of Cyberspace Logical Cognitive Operations / Capabilities (Virtual) (Mental) Physical Provisioning Information Operations Capabilities Defense Active Defense Exploitation Exploitation Capabilities Attack 10
11 Overarching set of MISSIONS, activities to OPERATIONS accomplish a major & EFFORTS Cognitive objective * ISRM - Information Services Reference Model (Mental) PROCESS, Work and activities to TASKS & make decisions and organize, coordinate and oversee information capabilities and uses Policies, guidance and activities TRAINING produce results – fueled by information SERVICES and assure information to design, plan, resource, The ability to protect Dimensions of Cyberspace The products and and infostructure INFORMATION payload for awareness, CONTENT knowledge, and SERVICES understanding Cyber Discussion Framework with ISRM* The ability to process, APPLICATION (Virtual) display, produce and Logical SERVICES consume information INFORMATION DEVELOPMENT The ability to connect NETWORKING ASSURANCE communities for sharing PLANNING, & SERVICES SERVICES and collaboration The ability to move and TELECOMMUNICATION distribute signals, data SERVICES and information ARCHITECTURE, MANAGEMENT, GOVERNANCE, Physical The ability to sense and EDGE/COMPUTING process data, and SERVICES execute controls SUPPORT, Activities and resources that provide manpower, MAINTENANCE, facilities, consumables SUSTAINMENT, and technical support of SHELTER & SPACE the Infostructure Active Defense Provisioning Exploitation Operations Operations / Capabilities Defense Attack Lines of Cyberspace Exploitation Capabilities UNCLASSIFIED//FOUO Capabilities Information
Cyber Discussion Framework with ISRM* for Dependencies Dimensions of Cyberspace Lines of Cyberspace Logical Cognitive Operations / Capabilities Physical (Virtual) (Mental) Policies, guidance and activities GOVERNANCE, PLANNING, & to design, plan, resource, Provisioning MANAGEMENT, DEVELOPMENT organize, coordinate and oversee ARCHITECTURE, information capabilities and uses Information SERVICES TRAINING TASKS & PROCESS, & EFFORTS OPERATIONS MISSIONS, SHELTER & SPACE SUSTAINMENT, MAINTENANCE, SUPPORT, SERVICES CONTENT INFORMATION Capabilities Th EDGE/COMPUTING APPLICATION pro SERVICES SERVICES exe Operations fueled by information produce results – make decisions and Work and activities to the Infostructure and technical support of facilities, consumables that provide manpower, Activities and resources understanding knowledge, and payload for awareness, The products and objective accomplish a major activities to Overarching set of TELECOMMUNICATION NETWORKING SERVICES SERVICES INFORMATION The ability to protect Defense ASSURANCE and assure information SERVICES and infostructure Active Defense Exploitation Exploitation Capabilities Attack 12 * ISRM - Information Services Reference Model
Recommend
More recommend
