Defensive CYBER Operations
Abstract
Defensive Cyber Operations (DCO) falls within Line of Effort (LOE) 1 of the Network Modernization Strategy framework, which incorporates cyber capabilities that support the employment of the network as a weapon system. FY 2020 RDTE DCO efforts consist of the following critical capabilities:
- Tactical DCO Infrastructure (TDI): System (automated on-boot infrastructure to deploy DCO Tools on the Tactical Server Infrastructure (TSI)) which resides within the Command Post, at Brigade through Corps, for both organic Cyber Network Defenders as well as remote access by CPT to support defense of the tactical network (PEO C3T)
- Cyberspace Analytics (CA): Identification of threat trends, behavior patterns, and Techniques, Tactics, and Procedures (TTPs) relative to associated portions of the information environment. The cyberspace analytics capability offers an integrated platform that can be leveraged across all security enclaves (NIPRNET, SIPRNET, and JWICS) to enhance both DCO and Department of Defense Information Network (DODIN) operations (PEO EIS)
- Mission Planning (MP): An application-based, scalable warfighting capability for Army DCO mission command and planning at the global, regional, and local levels. DCO MP enables integration, coordination, and synchronization of supported and supporting cyberspace defenders (PEO EIS)
- Tools Suite: Flexible and dynamic suite of warfighting capabilities that enable Cyber Mission Forces and other cyberspace defenders to perform functional categories consisting of site survey; risk assessment; observation; intel support; counter-mobility; developer/operator (DEVOPS); event correlation; and command and control (PEO EIS)
- Garrison DCO Platform (GDP): Prepositioned, dedicated compute and storage resources residing at high/extremely high risk installations. Provides cyberspace defenders a remote maneuver capability in order to augment and/or support cyberspace defenders existing at designated bases, posts, camps, or stations by preserving an organization's ability to utilize mission critical data, networks, net-centric capabilities, and other designated systems (PEO EIS)
- Deployable DCO System (DDS): A deployable kit with dedicated compute and storage for austere environments that do not have prepositioned infrastructure, or for locations where prepositioned DCO resources do not provide adequate capacity. The DDS gives global cyberspace defenders (e.g. CPTs) the ability to jump into a network physically, onsite, and gain a position of advantage to augment organic local and/or regional cyberspace defenders (PEO EIS)
- User Activity Monitoring (UAM): The primary capability within the Army's overall insider threat detection (InT) program. UAM is a software-based, scalable solution that proactively identifies and mitigates internal risks associated with the theft and misuse of critical, mission essential data. UAM utilizes full-spectrum solutions to assess, deter, deny, defend, defeat, and evolve against the insider threat hub (PEO EIS)
- Forensics and Malware Analysis (F&MA): Warfighting capability that adheres to the global standard in digital investigation technology for global or regional cyberspace defenders who need to conduct efficient, forensically sound data collection and examination, either remotely or locally, using a repeatable and defensible process. Forensics gives cyberspace defenders the ability to triage by quickly viewing and searching potential evidence in order to determine whether further examination is warranted (PEO EIS)
- Advanced Sensors: Real-time discovery of specific advanced or sophisticated cyber threats and vulnerabilities on a critical system or segment of the network. Advanced sensors provide an automated monitoring and incident handling capability lower in the network architecture (access layer) to conduct over-watch for high-risk units or systems that normally operate out of view ("last mile") from traditional security or DCO measures (PEO EIS)
- Threat Emulation: Software- and hardware-based suite of tools used by a Cyber OPFOR to gain access to evaluated networks and systems using multi-vectors of unknown ("blackbox"), partially known ("graybox"), or known ("whitebox") access methods. Enables the implementation of real world threat tactics, techniques, and procedures against risk areas in order to reveal extremely high-risk security exposures and demonstrate the operational impact of a potential attack (PEO EIS)
- Counter Infiltration: Software/hardware array of components that retrogrades mission critical assets from virtual areas under a cyber threat actor's control using stealth, deception, surprise, or clandestine movements. The capability allows commanders and leaders to trade space for time by slowing down the advanced persistent threat without becoming decisively engaged (PEO EIS)
- Forge: Provides integration and assessment capabilities during the development and integration phases of operations. DCO program will leverage non-FAR based Other Transaction Authorities (OTA) to solicit prototype/new technologies for consideration of procurement decisions.
- Rapid Cyber Prototyping: Rapidly develops cyber capabilities identified by the Cyber Mission Forces (CMF) in order to counter advanced, persistent, and sophisticated cyber threats (ARCYBER)
Document Details
- Document Type: Project
- Publication Date: Oct 01, 2020
- Source ID: EV5_0605041A_5_2040_PB_2020
Related Documents
- Root: Defensive CYBER Tool Development
- Child Accomplishment: Defensive Cyber Operations (DCO) - Tactical DCO Infrastructure (TDI) - (PEO C3T)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Cyberspace Analytics - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Mission Planning - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Tools Suite - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Garrison DCO Platform - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Deployable DCO System - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - User Activity Monitoring - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Forensics and Malware Analysis - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Advanced Sensors - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Threat Emulation - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Counter Infiltration - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Forge (Integration) - (PEO EIS)
- Child Accomplishment: Defensive Cyber Operations (DCO) - Rapid Cyber Prototyping - (ARCYBER)