
Post on 07-Jun-2020


CONNECTING OUR SOLDIERS

Industry Day – NetOps/Cyber Breakout Session

23 September 2014

22 September 2014


NetOps / Cyber Overview

• ASA(ALT) Integrated NetOps Trail Boss

– AAE designated PEO C3T in June 2012 to integrate and converge NetOps capabilities across ASA(ALT) to provide more effective network capability to the Warfighter

– Includes both enterprise and tactical NetOps

– Work with Army CIO/G6, TRADOC, NETCOM, and other PEOs within Army to identify opportunities for NetOps integration and convergence

– Developed NetOps Information Exchange Specification to define the required info exchanges and to simplify NetOps interoperability going forward

– This session will provide an overview of the NetOps Info Exchange Specs and how they relate to NetOps priorities within STARNET

• Cyber Security Roadmap

– Identifies and prioritizes current security threats and weaknesses, and recommends courses of action with their associated implementation timelines

– Timelines for implementation vary depending upon the threat area under discussion

– This session will address the high priority areas of the Cyber Security Roadmap and how they relate to Cyber priorities within STARNET


UNCLASSIFIED | For Public Release


NetOps Info Exchange Specs


• Army NetOps capabilities are currently developed and fielded as ‘closed system’ or ‘closed architecture’ specific capabilities

• Specifications developed that define and facilitate information exchanges between the NetOps systems, tools and services

– Enable rapid development and integration of new NetOps capabilities into effective, end-to-end NetOps services

• Applicable to all NetOps services, systems, tools, and devices

– Information exchange is at the network layer (IP) and above

– Specifications support both IPv4 and IPv6

• Do not include all currently used standards or protocols

– Intentionally constrains future acquisition to a reduced optimum set of these standards

• To be referenced as part of all future solicitations for the acquisition of NetOps systems and services

• Would not impose requirement to modify existing/currently fielded NetOps systems & capabilities due to resource limitations

NetOps Info Exchange Specs

• Managed Element (ME)

– A manageable physical or logical entity, e.g., radio, router, computer system, virtual machine, application, service, other

• NetOps Manager (NM)

– A software application, system, or service used in managing NetOps elements, e.g., SolarWinds, CA Spectrum, Microsoft SCCM, BMC ITSM

• NetOps Information Exchanges

– Defines content, format and protocol for movement of NetOps information

– Open standards based, e.g., SNMP, Web Services

• 132 Specs written across nine Info Exchanges

– Currently in Army Staffing with plan to publish on 21-November 2014

– Army CIO/G6 & ASA(ALT) to jointly publish (co-signatories) as technical standards for future acquisition of NetOps capabilities

NetOps Info Exchange Specs

[Figure: NetOps information exchanges between a Managed Element, NetOps Manager 1 and NetOps Manager 2, each with Software Plugins. Exchanges labelled: Initialize, Discover, Configure, Monitor, Event, Inventory, Reports, Alerts, Tickets. Other labels: Content; Format; SNMPv3, ICMP, WS-MAN, HTTPS, REST, HTTP, Syslog, IPFIX, SNMP Trap, NETCONF; CIM from DMTF, XML from W3C, MIB-2/Vendor MIB, ASN.1 Syntax.]


NetOps Capability Improvements Aligned to NetOps Focus Areas for STARNET:

– NetOps Simplification

– Network Discovery Service

– Common Visualization Dashboard

– Use of COTS in DIL environment

– Provisioning System

Each related to NetOps Info Exchange Specs


NetOps Simplification

• Converge NetOps Tools onto fewer hardware platforms

• Simplify user interfaces

• Reduce number of steps required for operators to build network plans

• Simplify Unit Task Reorganization (UTR)

– Defining standards to support simplified initialization and reconfiguration of systems

• NetOps Info Exchange Specs will be leveraged

• Related to Configure Info Exchange (NetOps Manager to Managed Element)

– Developing UTR CONOPS

– Integrate OTAM solution

– Need GUI interface to simplify execution of UTR


Network Discovery Service

• Need service with capability to discover nearby networks

– Includes radio networks such as SRW or WNW

– Includes Wi-Fi discovery

• Needs to be ongoing background task

– Depends on phase of battle, network condition, or how network has been configured

• Related to Discovery Info Exchange (NetOps Manager to Managed Element)


Common Visualization Dashboard

• Need ability for NetOps tools to be able to share network monitoring information with a common dashboard

• Dashboard itself is not needed

• Related to Monitor Info Exchange (NetOps Manager to Managed Element)


Optimization of COTS in DIL Env

• Need to utilize COTS tools that are optimized for Disconnected, Intermittent, Low-Bandwidth (DIL) environment

• Need to be optimized for satellite communications

• Need to assume low bandwidth availability

• Cannot rely on constant communications

• Related to all Info Exchanges


Provisioning System

• Create a process to decrease the amount of time needed to reimage configuration items

• Assist in software patching / IAVA delivery

• Related to Initialize and Configure Info Exchanges (NetOps Manager to Managed Element)


Cyber Capability Improvements Aligned to Top 6 Cyber Focus Areas for STARNET

– Warfighter Authentication

– Improved Cyber Situational Awareness

– Platform Resilience

– System Maintenance and Automation

– Network Simplification

– Data Leakage


Authentication

Migrate away from IDs, passwords, tokens, and other current authentication methods to simplify operations for the Warfighter

• Leverage existing technologies to implement stronger authentication and authorization of network resources

• Provide a method that does not solely rely on tokens, passwords and IDs as a means to provide authentication of personnel to platforms and applications

• Conduct parallel work to tie non-hardware based authentication to Enterprise level resource access.


Improved Cyber SA

Drive improvements in Cyber Kill Chain detection, containment, and response

• Continue deployment of event aggregation to SEIM infrastructure

• Continue developments of alerting and reporting architecture

• Leverage Cyber Analytic Cloud platform

• Improve visualization and response

[Figure: Cyber Kill Chain stages: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain]


Improve Platform Resilience

Determine alternative protection that works and meets DoD and Tactical risk management requirements

• Refine anti-virus and anti-malware type solutions to provide optimal, useful, and timely cyber SA for Commanders to support improvements in Cyber Kill Chain containment and response.

• Identify and implement alternative solutions (e.g., whitelisting, non-volatile images) for tactical systems.

• Continue to research and test more advanced capabilities for future implementation.


System Maintenance

Improve current capabilities for supporting deployed systems and applications

• Secure System Configuration

– Ensure configuration integrity for Security Technical Implementation Guidance (STIG) and Information Assurance Vulnerability Alert (IAVA) conformances

– Evaluate alternative methods for standard Virtual Machine images, “thin client” architecture, and increased use of virtualized servers and endpoints

• Upgrades and Patching

– Continue work to reduce patching and upgrade timelines

– Investigate the possibility to migrate to virtual workstations in the tactical environment

• SOPs: Automation of controls as opposed to placing the burden on the Warfighter


Network Simplification

Simplify and reduce network footprint to improve efficiency, reduce management effort, and improve controls

• Target a tactical single network architecture

• Provide access via a tunneling approach to external resources

– Consider Virtual Network technologies for tunneling non-critical devices

• Virtualization and sandboxing of platforms for access.

• Support future mobile deployment (e.g., Android, iOS)

• Replace traditional firewalls and segmentation


Data Leakage

Support improvements in DoD tactical collaboration while providing enhanced data movement protection

• Improve content aware functional processing

• Implement platform changes for data centric access management

• Implement Application and Systems strategies for boundary containment

• Identify and detect sensitive data movement in real-time

• Leverage Big Data analytics


Your Questions

UNCLASSIFIED | For Official Use Only