Shaping Cyberspace for Our Advantage
Randy Cieslak
Chief Information Officer
12 November 2013

Shaping Cyberspace to Our Advantage
1. Understanding Cyberspace
2. Characterizing Cyberspace
3. Using Cyberspace
4. Protecting Cyberspace using Risk Management
5. Protecting Cyberspace through the Information Assurance Framework
6. Suggestions, Solutions and Our Way Ahead

Understanding Cyberspace
“Gimme some of that cyber stuff”
“Release the cyber forces!”

Cyber – Historical Background
• Cyber: Greek: steersman, pilot, helmsman; to steer, guide, govern, governor
• Used today as the short term for “cybernetics” which means:
  – The science or study of communication in organisms, organic processes, and mechanical or electronic systems.
• Coined by U.S. mathematician Norbert Wiener (1894-1964) who hypothesized that there is a similarity between the human nervous system and electronic machines.
• In his book, Neuromancer (1984), science fiction writer William Gibson (b. 1948) presents the idea of a global information network called the Matrix, and the term Cyberspace, by which he meant a virtual reality simulation with a direct neural feedback.
  – During the years since Gibson wrote Neuromancer, other names have been created for that shadowy space where computer data exist: the Internet, the Net, the Web, the Cloud, the Matrix, the Metaverse, the Datasphere, the Electronic Frontier, and even the Information Superhighway.
  – Gibson’s coined term may be the most lasting because by 1989 it was borrowed by the online community to describe today’s interconnected computer systems; especially, the millions of computers on the Internet, and not just a science-fiction fantasy in the author’s imagination.
Source: WordInfo.info, Senior Scribe Publications under normal fair use exceptions.

Cyberspace Definitions
• Cyberspace: the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people.
  National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23)
• Cyberspace Operations: The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.
  JP 1-02

Cyberspace Definitions (continued)
• Cybersecurity Policy: The strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure.
  White House Cyberspace Policy Review, June 2009

Characterizing Cyberspace
“Information Technology and Cyber are different.”
Huh?

UNCLASSIFIED//FOUO

Cyber / Infostructure Modernization Approach
1. Framework to capture efforts
2. Objectives, guidelines and principles to map efforts to the framework
3. Solutions to meet the requirements from the objectives
4. Architecture that maps the solutions to implementation
5. Plans to implement the solutions
6. Projects to execute the plan
7. Infostructure (Information Infrastructure) to provide capability services
8. Services to provide and enable capabilities
9. Capabilities to accomplish the mission
10. Mission to support and protect our national interests

USPACOM C2/CS Architecture Framework
Based on the Information Services Reference Model
[Figure: layered architecture diagram. Layers named on the slide: Strategic Layer; Operations Layer (based on ADM Willard’s C2 Cycle); Information Content Layer; Applications Layer; Networking & Enclaving Layer; Telecommunications Layer; Sensors, Actuators & Computing Layer; Information Assurance Layer (Backplane). Supported forces shown: USAF-Led JTF, Army-Led JTF, USMC-Led JTF, Navy-Led JTF, Agency-Led JTF, JSOTF.]

Cyber Discussion Framework
• Dimensions of Cyberspace: Physical; Logical (Virtual); Cognitive (Mental)
• Lines of Cyberspace Operations / Capabilities:
  – Information Capabilities: Provisioning; Operations; Defense; Active Defense
  – Exploitation Capabilities: Exploitation; Attack

Cyber Discussion Framework with ISRM*
• MISSIONS, OPERATIONS & EFFORTS: Overarching set of activities to accomplish a major objective
• PROCESS, TASKS & TRAINING SERVICES: Work and activities to make decisions and produce results – fueled by information
• INFORMATION CONTENT SERVICES: The products and payload for awareness, knowledge, and understanding
• APPLICATION SERVICES: The ability to process, display, produce and consume information
• NETWORKING SERVICES: The ability to connect communities for sharing and collaboration
• TELECOMMUNICATION SERVICES: The ability to move and distribute signals, data and information
• EDGE/COMPUTING SERVICES: The ability to sense and process data, and execute controls
• INFORMATION ASSURANCE SERVICES: The ability to protect and assure information and infostructure
• SUPPORT, MAINTENANCE, SUSTAINMENT, SHELTER & SPACE: Activities and resources that provide manpower, facilities, consumables and technical support of the Infostructure
• GOVERNANCE, ARCHITECTURE, PLANNING, DEVELOPMENT & MANAGEMENT: Policies, guidance and activities to design, plan, resource, organize, coordinate and oversee information capabilities and uses
* ISRM - Information Services Reference Model

Cyber Discussion Framework with ISRM* for Dependencies
[Figure: the same dimensions, lines of operations and ISRM service layers as the previous slide.]

Cyberspace Operations at USPACOM
Operations (J3):
• Make decisions
• Execute C2
• Assess impacts
Intelligence (J2):
• Assess adversary info gains
• Assess threats & vectors
• Assess adversary vulnerabilities
Communications (J6):
• Enable capability
• Empower users
• Protect information
• Maintain security
• Respond to threats & vulnerabilities
Joint Cyber Center: Fuses these operations
[Figure labels: Friendly Decision Loop and Adversary Decision Loop (Observe, Orient, Decide, Act); “Cyberspace Box”; Cyberspace: Commons, Neutral, Friendly, Adversary; Information Service Reference Model (ISRM): Cognitive, Logical, Physical.]

Using Cyberspace
“Wouldn’t life be better without computers and cell phones?”
“I hate PowerPoint.”
“I hate e-mail.”
“I hate ...”

Why we need good information capabilities
• Effective work
• Good decisions
• Situation awareness
• Learning and understanding
• Automatic responsive control
• Command and control
• Collaboration, coordination and cooperation
Information Actions
• Direct
• Guide
• Inform
• Report

Our Challenge in Cyber
INFORMATION & APPLICATIONS
• Share with partners
• Protect against adversaries
[Figure: screenshot of everyday applications, with panels for Information Push, Collaboration Tools, Product Status, Collection Status, Information Search, Product Tasking and Email/Messaging.]

Our Challenge in Cyber
Emphasis on Sharing
• Easier to exploit
• Good interoperability
• Ease of providing new applications
• User friendly
• Rapid development
Emphasis on Protecting
• Harder to exploit
• Frustration with safeguards & controls
• Poor interoperability
• Technology obsolescence
• Slower development

Our Challenge in Cyber
Balancing Sharing and Protection
• Harder to exploit
• Good interoperability
• Ease of providing new applications
• User friendly
• Rapid development

Information Assurance
• Available - Making sure the information is there when we need it
• Sharable - Making sure the information can be disseminated to those who need it
• Integrity - Making sure the information we use, transmit, process, or store has not been corrupted or adversely manipulated
• Authorized - Making sure we know and allow those accessing our information
• Authenticated - Making sure there is someone responsible for the information being published or disseminated
• Confidential - Making sure the information is protected from unauthorized disclosure
• Non-Repudiable - Making sure the information is ‘tagged’ so when we send it – we know it got there, and the recipient knows who sent it

Cyber Actions to Assure Information Capabilities
6. Assure
  – Informed sound decisions
  – Situational awareness through understanding
  – Effective and efficient functional capability (work)
5. Assure effective use of application and production processes
4. Maintain and operate cyberspace
3. Sustain and administrate cyberspace
2. Control and manage the cyberspace configuration
1. Resource, control and manage the cyberspace architecture

Protecting Cyberspace using Risk Management
“A risk assumed by one is a risk assumed by all.”
We can do better than that.

Optimizing Risk, Resources and Rewards
[Figure labels: Acceptable Risk; Confidence; Capability; Optimal Capability; Resources to Achieve Objectives; Resources to Avoid Failures; Accomplish the Mission.]
Cyber Design & Implementation Must Balance Risk, Rewards and Resources to Accomplish the Mission

Threat - Vulnerability – Exploitation Matrix
Vulnerability vectors: Human / User; Technical / System; Environmental
• Exploit type: Unintended
  – Human / User: Negligence, Ignorance, Lack of Training
  – Technical / System: System Faults; Logical, Physical
  – Environmental: Natural Calamities
• Exploit type: Exposure
  – Human / User: OPSEC Violations, Weak Disclosure Policy, Weak Classification Guidance
  – Technical / System: Poor Design, Design Flaws, Poor Quality
  – Environmental: Natural Calamities
• Exploit type: Intrusion
  – Human / User: Social Engineering, Manipulation, Lack of Training, Drills
  – Technical / System: Malicious Software (Malware), Mis-Configurations
  – Environmental: Natural Calamities
Callouts on the slide: “Easiest Exploits”; “Most Attended To”

Mission Impact Severity Multiplier
By increasing severity:
Exploit         Relative Severity   Multiplier
Discovery       Bad                 x -1
Denial          Worse               x -2
Exposure        Even Worse          x -3
Exfiltration    Worse Still         x -4
Deception       Almost Worst        x -5
Takeover        Worst               x -10

Defending Cyberspace Through Risk Management
$$\text{Risk} = f\left(\frac{\text{Threat} \times \text{Vulnerability} \times \text{Impact}}{\text{Assurance Measures}}\right)$$
• Threat: Adverse Intent; Exploitation Capability
• Impact: Asset Value; Information Value; Mission Accomplishment; Operational Capability; Endeavor Success; Lives at Stake
• Assurance Measures: Architecture; Asset & Configuration Management; Controls, Measures, Safeguards; Policies, Practices, Processes; Education, Training, Awareness; Culture

Defending Cyberspace Through Risk Management
$$\text{Risk} = f\left(\frac{\text{Threat} \times \text{Vulnerability} \times \text{Impact}}{\text{Assurance Measures}}\right)$$
$$\text{Vulnerability} = f\left(\frac{\text{Users} \times \text{System Exposure} \times \text{Procedural Weakness}}{\text{Trust}}\right)$$
• Access to System:
  – Public: Low Access
  – Partners: Medium Access
  – Private: Selective Access
  – Administrators: High Access
• Exposure & Procedural Weaknesses: No certification; No updates; No virus protection; Poor design; No scanning; No firewalls; Weak passwords; Exposed info storage; No backups; Improper disposal; Weak physical protection; Poor training
System design and operation must accommodate varying trust levels

Controlling Risk
$$\text{Risk} = f\left(\frac{\text{Threat} \times \text{Vulnerability} \times \text{Impact}}{\text{Assurance Measures}}\right)$$
Minimize: Threat x Vulnerability x Impact. Maximize: Assurance Measures.
• Limit Exposure: Internet; Intranet; Extranets
• Computer Hygiene: Software updates; Virus protection; Bot detection; Clean dead files
• Manage Access / Adequate Protection: Access control lists; Physical Protection; High assurance guards; Electronic Isolation; Cryptographic Isolation; Intrusion detection; “DMZ” & Proxies
• Best Practices: Backup data; Manage passwords; Maintain vigilance; Understand threats
• Enhanced Practices: Honey pots; Intrusion traps; Redundancy; Diversity

Cyber Defense Solution Elements
1. Compartmentalization
   a. Protection of Information Controls
   b. Separation of Risk Tolerance Deltas
2. Precise Discretionary Access Control
3. Information Conditioning
4. Cyber Awareness
5. Infostructure Control
6. Infostructure Concealment
Acceptable Risk = Threshold Information Sensitivity User Trust = Required Security

Protecting Cyberspace through the Information Assurance Framework
If we can’t describe it, we can’t manage it.
If we can’t manage it, we can’t protect it.
If we’re not building security into the system, then we’re building the system for the enemy.

Cyber Defense Core Depiction
[Figure labels: Users; Information Content; IA / IT / IM Professionals; System Infrastructure; Adversaries.]

Cyber Defense Core Depiction – Defense in Depth
USER ACCESS AND PRIVILEGE BASED ON TRUST
[Figure labels: Information Content; Limited Information Access; Limited Member Access; Limited System Access; Community Enclave; System Infrastructure.]

Content-Centric Defense-in-Depth Leads to IA Measures
USER ACCESS AND PRIVILEGE BASED ON TRUST
1. Information Content Conditioning & Control
2. Identity Authentication & Authorization
3. Design, Configuration, Operations & Admin.
4. Cyber Security Services
5. Physical Security Services
6. Education Training & Awareness
7. Continuity of Operations
[Figure labels: Information Content; Limited Information Access; Limited Member Access; Limited System Access; Community Enclave; System Infrastructure.]
Information Sharing AND Information Protection through a seven layer model

Information Assurance Functional Areas
a) Maintain Integrity
b) Maintain Availability
c) Maintain Confidentiality
d) Manage Trust
e) Protect Services
f) Detect Risks
g) React to Intrusions
h) Restore Operations
[Figure labels: Sustain; Defend; Respond; Share Information; Protect Information; Assure the Mission.]
Assures communication, collaboration and information capability for mission accomplishment

Information Assurance Framework
[Figure: matrix of IA Measures against IA Functions. IA Functions are grouped under SUSTAIN, DEFEND and RESPOND: a. Maintain Integrity; b. Maintain Availability; c. Maintain Confidentiality; d. Manage Trust; e. Protect Services; f. Detect Risks; g. React to Intrusions; h. Restore Operations.]

Cost of Implementation
• Framework cells enable higher fidelity in cost-risk-benefit decisions
[Figure labels: Threat; Functions; Control; Mitigation; Residual Risk; Cost. Questions posed: Mission Impact? Acceptable Risk? Acceptable Cost?]

IAF enables alignment to more accurately target measures and determine residual risk
[Figure labels: Threats; Threat Vectors; Potential Vulnerabilities; Controls; Policy; Practices; Functions; Mitigations; Remaining Vulnerabilities; Residual Risk.]

IA Readiness Assessments
• ASSESSMENT: “White Team”
• ASSISTANCE: “Green Team”
• ANALYSIS: “Blue Team”
• EVALUATION: “Red Team”
[Figure: four copies of the Information Assurance Framework matrix, labeled Class 1 to Class 4 and “Reversible”, each plotting control measures against the SUSTAIN / DEFEND / RESPOND functions in a functional assessment. Control measures listed: 7. Information Content Conditioning & Control; 6. Identity Authentication & Authorization; 5. Education Training & Awareness; 4. Design, Configuration, Operations & Administration; 3. Continuity of Operations; 2. Cyber Security Services; 1. Physical Security Services.]
Scope descriptions shown for the classes:
• Specific set of measures of the IA Framework is subject to the proficiency activity
• A single functional area of the IA Framework is subject to the proficiency activity
• Several selected major areas of the IA Framework are subject to the proficiency activity
• All elements of the IA Framework are subject to the proficiency activity

Suggestions, Solutions and Our Way Ahead
It’s a journey, not a destination; but there are milestones and checkpoints along the way.

Suggested Approach
1. Categorize information to denote the impact of denial or loss
2. Determine the extent of exposure to which community
3. Develop an internet, intranet and extranet design strategy
4. Develop security measures for each network zone
   a) Isolation means
   b) Access controls
   c) Intrusion detection
5. Establish policies, practices and procedures
   a) Ensure a chain of accountability
6. Manage system interfaces
7. Maintain computer host hygiene and control
8. Provide for awareness, training and education
9. Maintain readiness: Monitor – Detect – React – Respond – Restore
10. Frequently groom and refresh
11. Use teams of experts: White – Blue – Green – Red
12. Resource (fund) accordingly

Cyberspace Operational Solutions
• Defendable cyber infrastructure
  – Shapeable to meet the threat and respond to emergent operational needs
  – Accommodates risk profiles attendant to each COCOM’s specific mission set so that a risk assumed by one is not a risk assumed by all
• Command Attention to Network and Computer Hygiene
• Sufficient billets and manpower to maintain, shape and operate Cyberspace
• Adequate instrumentation to provide situation awareness, indications and warnings that can be tailored to each COCOM mission
  – To support a tailorable, scalable red/blue cyber dashboard that can support a cyber common operational picture (COP)
• Authorities and procedures
  – To direct cyber activities
  – To rapidly ask, task or execute cyber efforts in support of theater missions
• Audit and assessment capability
  – To perform deep analysis to discover emergent threat vectors and system vulnerabilities
• Enhanced planning capability
  – To prepare for cyber configuration to be implemented upon mission execution

USPACOM’s Cyber Defense Development Approach
• Primary Goal: C2 Assurance
• Challenges: Our C2 infrastructure – “Infostructure,” is inadequate to support the future needs of decision making and cyber defense
  – Agile segmentation without isolation
  – Responsive, flexible acquisition
  – Defense in Depth
  – Agility versus robustness
• Development Drivers
  – Unified Command and Control (UC2)
  – Computer Aided Network Defense-in-Depth (CANDID)
  – Discretionary Risk Acceptance
    • Through Cyber Joint Operating Areas (Cyber JOA)
    • Operational Network Domains (OND)
• Primary Effort: Joint Information Environment Increment 2

Questions, Answers and Discussion