TRANSFORMING CYBER WHILE AT WAR
UNCLASSIFIED
LANDWARNET 2011
Cyber Policy and Legal Discussion
Session: 4
Track: Army Cyber Command
COL John Kent
Army Cyber Command / 2nd Army
UNCLASSIFIED

Defense Information Assurance Program, 10 U.S.C. § 2224
10 U.S.C. § 3013
(U) Unified Command Plan
(U) General Order, No. 2010-26, 1 Oct 10
Establishment of Army Cyber Command, 1 October 2010

2011-08-24// Cyber Policy and Legal Discussion Session: 4, Track: Army Cyber Command UNCLASSIFIED

Protecting Army information is vital to our national security. IA capabilities and actions protect and defend networks, data integrity, and allow us to implement effective computer network defense (CND). AR 25-2, Information Assurance, implements DODD 8500.1, DODI 8500.2 and DODI 5200.40, and CJCSM 6510.01 to align Army IA goals and requirements with the DOD Information Management Strategic Plan.

Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks
CJCSM 6510.01A, citing DOD Directive 8530.1

Monitoring, analysis, detection activities, including trend and pattern analysis, are performed by multiple disciplines within the DOD, e.g., network operations, CND Services, intelligence, counterintelligence and law enforcement.
DOD Directive 8530.1

Lead Government Entity & Primary Purpose
Multiple Disciplines
Incidents/Intrusions/Attacks
Network Ops – CERTs/NOSCs: User abuse
Intelligence: Espionage
Counterintelligence: Foreign Agent
Law Enforcement: Crime
POTUS: Hostile Act/Intent

Law Enforcement
Activity involves US citizens
Pen register, trap and trace; Title III wiretap; FISA
FBI, NIPC, DCIOs, Other Fed/State Orgs

Technical analysis of intrusion characteristics
CERTs
ID, log analysis, forensics
ECPA “Service Provider” exception

Intelligence/CI
Foreign sources are involved
FISA; EO 12333; DODD 5240.1-R
DIA, NSA, CIA, FBI, Service CI

Attribution!

To protect against the threat, the Army has established the Army Computer Emergency Response Team (ACERT). The ACERT provides the Army with the capability to prevent, monitor, detect, and respond to AIS security incidents. The ACERT leverages and integrates intelligence support and network/system management capabilities to a unified C2 Protect effort. As part of its mission, the ACERT has initiated the Computer Defense Assistance Program (CDAP).
Army Regulation 380–53, Security Information Systems Security Monitoring, 29 April 1998

The CG, NETCOM/9th SC (A) will operate, manage, monitor, administer, and defend the Army portion of the global information grid.
(GNOSC & TNOSCs)
AR 25-2

Exercise command and control of the ACERT and all of its components (including RCERTs).
Establish tactics, techniques, and procedures (TTPs) for the ACERT, RCERTs, as required.
Serve as focal point for security incidents and violations.
In coordination with law enforcement (LE) and counterintelligence (CI) agencies, develop and publish response guidelines, checklists, and procedures.
AR 25-2 (Originally Cdr, 1st IOC, assumed by ARCYBER)

Army Cyber Command is the lead for Army missions, actions and functions related to cyberspace, including the responsibility for planning, coordinating, integrating, synchronizing, directing and conducting Army network operations and the defense of all Army networks.
(U) General Order, No. 2010-26, Establishment of the U.S. Army Cyber Command, 1 October 2010

Monitoring networks. Network monitoring . . . number of actions . . . to ensure proper performance and management. When any of these monitoring activities involve intercepting (capturing in real time) the contents of wire or electronic communications, they must fall within the limits of an exception to Federal statute.
E.g., the service provider exception of Wiretap statute allows SA/NA to intercept, use, and disclose intercepted communications as long as the actions are conducted in the normal course of employment and the SA/NA is engaged in an activity that is necessary to keep the service operational or to protect the rights or property of the provider.
Therefore, IA personnel must consult with counsel to ensure that activities involving systems management and protection are properly authorized.
AR 25-2

Wiretap Statute
Pen Register / Trap & Trace Statute
Stored Communications Act
Banner and User Agreement
DAA Authority

Federal Wiretap Statute: 18 U.S.C. §§ 2510-2520.
  • BLUF: Even if the interception of communications is permissible under the Fourth Amendment, the Wiretap Statute may prohibit it
  • Beyond Fourth Amendment requirements
Prohibits a third party (like the government), who is not a party to the communication, from intercepting private communications using an electronic, mechanical, or other device unless a statutory exception applies (18 USC § 2511(1))

“provider of . . . electronic communication service” may intercept or disclose communications on its own machines “in the normal course of employment while engaged in any activity which is a necessary incident to . . . the protection of the rights or property of the provider of that service.”
18 U.S.C. § 2511(2)(a)(i)

Broad authority with focused purpose
Applies to “provider[s] of electronic communication services” (i.e., Army)
Authorized to intercept, disclose, or use network communications to protect rights & property of the provider or to ensure the system continues to provide service

Allows for real-time monitoring – “intercepting”
  • No court order or warrant required
SysAds can track hackers within their networks to prevent further damage
Doesn’t allow unlimited monitoring
Need “substantial nexus” between threat and property
  • “Reasonable and tailored”

The Service Provider Exception is a limited exception. Not a criminal investigator’s privilege.
18 U.S.C. § 2511(2)(a)(i)

DoD Notice and Consent Banner
  • Invalidates DoD employee’s reasonable expectation of privacy in their Gov’t computer
  • Banner puts users on notice
      Computer cannot be used for illegal activity
      Third-party monitoring
      Security measures in place for supporting Gov’t info systems, not for personal privacy reasons

Investigation of a crime
Constitution, 4th Amendment
Domestic Statutes (see Matrix)
Mutual Legal Assistance Treaties, Agreements
USA PATRIOT Act
Nation-wide Search Warrants
Computer Trespasser Provisions

Computer Trespasser Exception; 18 U.S.C. 2511(2)(i)
Allows law enforcement to intercept communications to or from “computer trespassers” 18 U.S.C. 2510(21)
Even if trespasser is using system as a pass-through to other down-stream victims
A “computer trespasser”
Is a person who accesses network “without authorization” and “thus has no reasonable expectation of privacy…”
Excludes a person known by the provider to have an existing contractual relationship with the provider for use of the system

Intelligence Organizations
Under the DCI, Title 50, National Foreign Intelligence Program
Under Secretary of Defense, Tactical
DoD Counterintelligence Components
E.O. 12333
DoDD 5240.1, DoDD 5240.1-R
Foreign Intelligence Surveillance Act 50 USC 1801
USA PATRIOT Act

EO 12333 / DoD 5240.1-R
[Diagram with columns SIGINT and Cyber; labels: POTUS, SECDEF, DIRNSA, CG INSCOM, SECARMY, CG CYBERCOM, CG ARCYBER]
DoDI 0-3115.07
USSID 1000

EO 12333
Exercise responsibility for SIGINT;
Operate an effective and unified organization for SIGINT;
Control collection and processing of SIGINT activities;
Assign resources to an appropriate agent for such periods and tasks as required for the direct support of military commanders.
No other Department or Agency is authorized to engage in any SIGINT activities without an express delegation from SECDEF

DoDI 0-3115.07
Supervise, fund, maintain, and operate NSA and the US SIGINT System (USSS) as a jointly-staffed, unified SIGINT organization;
Exercise control of all SIGINT collection, processing, analysis, production, and dissemination activities of the US;
Exercise SIGINT OPCON over SIGINT activities of the USSS to respond most effectively to military and other SIGINT requirements by:
  • Delegating standing SIGINT SOTA to the Mil Depts with organic SIGINT units permanently assigned under their command;
  • Delegating temp. SOTA to commanders on a case-by-case, mission-specific basis to permit those commanders to directly task designated SIGINT units and assets assigned to their command to achieve their mission objectives;
  • Approving SIGINT missions for SIGINT units or assets assigned to and under the OPCON of a commander;
  • Retaining SIGINT OPCON of all SIGINT resources fulfilling national SIGINT requirements

Constitution
UCP
USSTRATCOM Mission
USCC
Title 10 U.S.C. 162, 163, 164
EXORD, OPORD
International Law
Standing Rules of Engagement
LOAC

Combine CNO Disciplines
Interacting Authorities
CND – Title 10 implementing 18 USC 2511(2)(a)(i)
Intelligence – Title 50
LEA
Dual Authorities Granted by DIRNSA
Intelligence Oversight Plan

703-706-1190