Army Cyber Command/2nd ARMY
1 “Second to None!”
AFCEA TECHNET LAND FORCES EAST
Topic 1: "Tactical and Operational Cyberspace Modernization: the Cyber Electromagnetic (CEM) Element"
“Transforming Cyberspace While at War… Can’t Afford Not To!”
OVERALL CLASSIFICATION OF THIS BRIEF IS UNCLASSIFIED/APPROVED FOR PUBLIC RELEASE
U.S. Army Cyber Command
“Think there's great opportunity here for the Army to dominate in LandCyber. We're focused on integrating cyber at all levels and increasing the cyber capabilities we provide to commanders, in order to ensure mission command in the conduct of unified operations. This is all about mission command and maintaining our freedom to operate while taking it away from the enemy.”
LTG Rhett A. Hernandez, 7 March 2012
Threats In and From Cyberspace
Social Engineering - Cyber Capabilities
Integrated Bio - Cyber Capabilities
Weaponized Robotics
Reconnaissance and Surveillance Robotics
Weaponized Intelligent Code Based Cyber Bots
Compromised Embedded Processors
Compromised Embedded Network Interfaces
Integrated Smart Delivery /Defense Platforms
Integrated Smart Munitions
Malware, Denial of Service, Jamming
Science Fiction?
The Art of the Possible
Convergence of Technology
Current State of Technology
[Timeline figure: IT, Internet, & Telecommunications Over Time, 1980–2010. Rows of the Cyber Environment: DOS, BASIC (Visual Basic, VBScript, VB.net); Windows (Win 95, Win 98, Win NT, Server 2K, Server 2003, Vista, Server 08, Win 7, Win 8); Web Browsers (Mosaic, Netscape, IE 1–10, Mozilla, Safari, Firefox, SeaMonkey, Chrome); Linux, Mac OS, *UX (UNIX 1971, BSD 1975, HP-UX, AIX, Linux kernel, Red Hat/RHEL, Fedora, Debian, Ubuntu, SELinux, Mac OS 9/OS X, Java); SunOS/Solaris; Unix & Variants. Internet Service Providers – Internet Growth: ARPANET (1968) through ARPANET shut down. Telecomms: GPS, AMPS, GSM/CDMA, GPRS, EDGE, UMTS, 802.11a/b/g/n, WEP/WPA/WPA2, Bluetooth, WiMAX, VoIP, IPv4/IPv6, Ethernet through Fast Ethernet, GbEthernet, 10GbE and 100GbE, SONET/SDH, WDM/CWDM/DWDM, Mobile Internet, and mobile platforms (Symbian, Blackberry, Windows Phone, Android).]
NO Cyber Medium or Operating System is Invulnerable
[Figure: Initial Threat Exploitations, plotted over the same 1980–2010 Cyber Environment timeline as the previous slide. Axes: CNO Intruder Knowledge (High to Low) against CNO Attack Tool Sophistication. Techniques in rough chronological order: Password Guessing, Self-Replicating Code, Password Cracking, Known Vulnerability Exploits, Audit Disabling, Back Doors, Portsweeping, Network Mgmt & Diagnostics, Port Sniffing, GUI, Packet Spoofing, Automated Probes/Scans, Flexible (“Stealth”) Scan Techniques, DoS, Web Attacks, Cross-Site Scripting, Distributed Attack Tools (DDoS), Auto-Coordinated Tools, Hijacking Sessions.]
Initially, Intruder Knowledge High, Tool Sophistication Low
[Figure: Threat Prowess Improves, on the same timeline and axes (CNO Intruder Knowledge vs. CNO Attack Tool Sophistication). Malware families plotted by year: ARF-ARF vs. IBM PC; Brain boot-sector virus/“Pakistani Flu” vs. IBM PC compatibles; Vienna, Lehigh, Stoned, Ping-Pong, Cascade, Jerusalem, SCA/Byte Bandit, Christmas Tree; wild spread/worldwide impact: Jerusalem, Festering Hate, Morris Worm; Chameleon (polymorphic virus); Michelangelo; Freddy Kruger; One-Half (polymorphic); Concept (macro virus); Happy99, Melissa, ExploreZip, Kak; ILOVEYOU/Barok, Pikachu, Hybris; Simile, Beast, MyLife, Optix Pro; SQL Slammer/Sapphire, Graybird, ProRat/RAT, Blaster, Welchia, SoBig, Swen, Sober, Agobot, Bolgimo; Bagle, MyDoom, Netsky, Witty, Sasser, Caribe, Nuclear RAT, Vundo/Virtumonde, Bifrost, Santy; Zotob, Samy, Zlob, Bandook; Nyxem, Leap/Oompa, Brontok, Stration; Storm, Zeus; Mocmex, Torpig, Rustock, Bohmini, Koobface, Conficker; W32.Dozer, Daprosy; Stuxnet, “Here You Have”, Zeus/SpyEye merged code.]
New Technology Yields Extraordinary Vulnerabilities & Opportunities
[Figure: Infused w/Intelligence – BotNet as a Warfighter, on the same timeline and axes (CNO Intruder Knowledge vs. CNO Attack Tool Sophistication). Era annotations, left to right: One-on-One Attacks only; Appearance of Multiple Boot-Sector Viruses at the Campus, Regional, and Worldwide levels; Viruses Spreading from BBSes to Mainstream Networks; First Worm spreads “in the wild”, First Buffer Overflows; Viruses Spreading from Network to Network; 1st Massive Damage to World Financial Institutions; Damage to Individual & World Business & Financial Institutions Continue; Mobile Phone & 1st Mac OS X Viruses; BOTNETS, ZOMBIES; CYBER WARFARE (Europe); STUXNET; Potential of MIL/Nation-State use of BOTNETS & ZOMBIES; One or More MIL/Nation States using Cyber Weaponry; MIL/Nation-State Use of CYBER Weaponry.]
Coordinated Attacks Against Multiple Target Sets
Potential for Strategic Consequence
The Op/Tac Cyber Gap
• Brigade level and above staffs lack the appropriate organization for situational awareness, expertise and capability to integrate all aspects of the Cyber Electromagnetic (CEM) contest:
  - Situational Awareness/Common Operating Picture
  - Offense
  - Defense
  - Support
  and the necessary “practitioner” expertise for the CEM tasks that they must execute.
  - Each echelon lacks sufficient expertise/capability to request C/EM capabilities resident at higher echelons.
Mission Command applies unified force (Land and Cyber) to establish the optimal combination of effects to achieve objectives.
[Diagram: Current Situation (USCC Initiatives and ARMY Initiatives, with the question “How do we link?”) set against Where We Need to Go: LandCyber (Unified Operations), Mission Command Unified Effects, CYBERSPACE DOMINATION and LAND DOMINATION under UNIFIED OPERATIONS, CAM/WAS, Operational Adaptability.]
Cyber Electromagnetic (CEM) Element
[Diagram: the CEM element sits among the staff Integrating Cells (Plans, Current Operations, Future Operations) and the warfighting functions (Mission Command, Intelligence, Maneuver, Fires, Protection, Sustainment), drawing on Operational Integration / Electronic Warfare (29 Series), Cyber Warfare / Intelligence (35 Series), Cyber NetOps (25 Series), and a Human element.]
The CEM element & working group accomplish two primary functions:
• Integrate and synchronize CEM capabilities and activities to achieve desired conditions in cyberspace and the electromagnetic spectrum
• Integrate CEM capabilities and activities into the combined arms operation.
CEM at Army Echelon
[Diagram: Cyberspace / EM Operations conducted at the National, Regional and OPS/Tactical levels (Future Build) against National, Regional and OPS/Tactical Targets, across the EMS / Cyberspace and Cyber Infrastructure (“Nodes”). Functions shown: Enable Mission Command, Defend, Attack, Network Mapping, Collection, Close Access Operations, Modify Machine Behavior, Modify Human Behavior. Cyber Centers Integrate/De-conflict/Add Visibility; the Distributed Warfighting Platform Creates Effects.]
Integrated Warfighting Platform
[Diagram: Mission Command and the CEM Element (with the 7/39 IIA Element, Signal Capability, MI Capability, IIA Capability, ACE EW Capability and NETOPs Center) feeding an Integrated Cyber Warfighting Platform over the NETWORK. Labels: Cdr’s Desired Effects; Orders; Leads, Directs, Tasks; Guides WfFs/Staff Process; 2/3/6 Staff Integration.]
Cyber Capability:
- Build, Operate, Maintain, Defend Mission Command
- Exploit, Attack and Influence Adversary Mission Command
- Platforms of EW; E and A of Cyber; D support of Cyber
- B, O, M, D of Cyber; IA of Cyber; Enterprise Management of Cyber
The Joint Cyber Support Element
Cyber Support Elements (CSE): Organized from USCYBERCOM forces and stationed with CCDRs for full integration with their staff. Provide SMEs for cyberspace operations, planning, and other related functions.
Expeditionary Cyber Support Element (ExCSE): A forward-deployed element of USCYBERCOM (or service cyber component) personnel temporarily augmenting the CSE in CCDR designated locations during an operation.
[Diagram: CCMD and USCYBERCOM at the top, with the JCC and CSE; below them the JTF (JOC) and the functional components JFACC, JFLCC, JFMCC and JFSPOC, each supported by an ExCSE, in lanes labelled Air Integration, Land Integration, Sea Integration and Spec Integration.]