Protection and Operation of Ip-secure Network Terrain (POINT)
Abstract
The POINT objective is to demonstrate a system to meet the USPACOM’s published requirement for minimum essential command and control in a contested cyber environment. Other COCOMS have similar requirements. Generally, current DoD CONOPS provide network defense at network boundaries. Once penetrated, adversaries have broad range within the network to exfiltrate sensitive data, inject malicious data and code, or deny service to authorized users. The proposed CONOPS employs virtual secure enclaves to segment the network, increasing the layers of defense to further protect key cyber terrain elements. It forces adversaries to try to penetrate multiple protection layers. In addition, the smaller sizes of protected enclaves offer greater ability to surveill and protect the key terrain, such as networked Command and Control sites. This structure allows operational assessment of both the broad network and, independently, the key cyber network terrain. The JCTD will integrate sophisticated computer network defense technologies to provide defense-in-depth by functionally segmenting networks through the deployment of virtual secure enclaves (VSE) to protect key cyber terrain. VSEs employ virtual private networks secured with layers of cryptographic systems. The enclaves, and the network in which they reside, operate with real time network surveillance, network anomalous behavior detection, and centralized router control technologies to provide the capability to adaptively manage risk to operational networks throughout an Area of Responsibility. Implementation of this technology enables network analysts at Combatant Commands (COCOMs), Joint Task Force (JTF) Global Network Operations (GNO), service Network Operations Centers or other analysis centers to filter complex information containing network protocols and packet data in real time to ensure decision making at strategic and operational levels during cyber attacks. The POINT approach aligns with the DoD Computer Network Defense Information Assurance strategy employing defense-in-depth to protect DOD information and information systems. The lead service is the Navy. The plan for final demonstration and assessment is in 2011. This project is sponsored by USPACOM.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2012
- Source ID
- 1607820a38e892da6c679fcc438239b3