Defensive CYBER Tool Development

Abstract

Defensive Cyber Tool Development (DCTD) and Cyber Situational Understanding (SU) fall within Line of Effort (LOE) 1 of the Network Modernization Strategy framework, which incorporates cyber capabilities that support the employment of the network as a weapon system. Overall, Defensive Cyber Operations (DCO) and Cyber SU provide the tools and insight to proactively protect and defend the network at the tactical and strategic levels, thereby enabling the network to operate unfettered from the threat of cyberattacks.

CY5 Cyber SU: Cyber SU supports Cyber Electromagnetic Activity (CEMA) operations by providing visualization of CEMA information to improve planning, coordination, integration and synchronization of cyberspace operations and unified land operations. Cyber SU provides the Brigade to Corps commanders the visualization of physical (geographically), logical (at a specific network internet protocol), and cyber persona layers (bad actors, from individuals to nation states) of cyberspace based on data/information from multiple sources and sensors to produce a CEMA overlay on the commander's Common Operational Picture (COP) within the Command Post Computing Environment (CPCE). Supporting CEMA, Cyber SU synchronizes and integrates red (enemy), grey (commercial/private sector) and blue (friendly) cyberspace data, and enables collaboration at the tactical echelon. Further, in support of the Military Decision Making Process (planning and decision cycles), Cyber SU provides tactical commanders with a broad understanding of CEMA threats by informing the commander of any cyber-related impacts to physical domains, unified land operations, and the overall mission.

EV5 DCO: The DCO group of programs develops, assesses, deploys, learns, and iterates essential cyberspace warfighting capabilities consisting of solutions based upon an infrastructure, platform, and tool/payload approach. DCO capabilities are required in order to actively predict and conduct reconnaissance (search and discover) against advanced cyberspace threats (to include insider threats) and vulnerabilities that do not trigger or generate warnings using routine security measures. Additionally, DCO capabilities allow the Army to outmaneuver adversaries by performing preapproved, automated, agile, internal countermeasures that stop or mitigate cyberspace attacks. Moreover, DCO capabilities enable the Army to conduct cyberspace defense mission planning and protection that identifies and assures the availability of tasked critical assets and infrastructure supporting Army, DOD, host nation, and civil authority actions or missions. The overall objective is to achieve survivability of networks, IT platforms, and data through counter-mobility actions, dynamic movement of tasked critical assets, and security enhancement measures.

This assures commanders from U.S. Army Cyber Command (ARCYBER) and other Army Service Component Commands Brigade through Corps down to the tactical level can execute national, joint, and/or Army operational and tactical missions. These capabilities enable ARCYBER to support U.S. Cyber Command (USCYBERCOM) and defend all Army networks as part of its Service-retained responsibilities. DCO capabilities also enable Army National Guard and Reserve forces to support USC Title 10 missions under the auspices of ARCYBER or other major commands. DCO supports material solutions aligned to requirements outlined in the 26 October 2016 Joint Requirements Oversight Council (JROC) Defensive Cyberspace Operations Information Systems Initial Capabilities Document (IS ICD). DCO related infrastructure, platforms, and tools/payloads enable the Army to maneuver, conduct reconnaissance, execute counter-mobility actions, and command and control DCO people, processes, and technologies within friendly cyberspace.

DCO programs will allow near real-time employment of passive and active measures to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems. These programs directly support USCYBERCOM Integrated Priority List #2 Produce Advanced Cyberspace Infrastructure and #5 Defensive Forces to execute passive and active defense operations at net-speed.

Document Details

Document Type: R2 Budgetary Justification
Publication Date: Oct 01, 2020
Source ID: 0605041A_5_2040_PB_2020
Change Summary Explanation: CY5 FY 2020 Base funding in the amount of $20.183 million was aligned to a new program element for Cyber Situational Understanding (SU). EV5 FY 2019 Base funding in the amount of $2.830 million was decremented from the DCO program, as decided by the Joint APPN Conference due to prior year carryover. EV5 FY 2020 Base funding in the amount of $26.921 million was reduced due to Army priorities.
Service Agency Name: Army

Entities

Organizations

  • United States Army

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Command And Control
  • Computer Network Security
  • Computer Networks
  • Countermobility
  • Cross Domain
  • Cyber Protection
  • Cyber Threats
  • Cybersecurity
  • Cyberspace Operations
  • Information Systems
  • Insider Threats
  • Network Architecture
  • Network Protocols
  • Operating Systems
  • Procurement
  • Systems Engineering
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
