CONNECTING OUR SOLDIERS
Industry Day – NetOps/Cyber Breakout Session
23 September 2014
22 September 2014
NetOps / Cyber Overview
• ASA(ALT) Integrated NetOps Trail Boss
– AAE designated PEO C3T in June 2012 to integrate and converge NetOps capabilities across ASA(ALT) to provide more effective network capability to the Warfighter – includes both enterprise and tactical NetOps
– Work with Army CIO/G6, TRADOC, NETCOM, and other PEOs within Army to identify opportunities for NetOps integration and convergence
– Developed NetOps Information Exchange Specification to define the required info exchanges and to simplify NetOps interoperability going forward
– This session will provide an overview of the NetOps Info Exchange Specs and how they relate to NetOps priorities within STARNET
• Cyber Security Roadmap
– Identifies and prioritizes current security threats and weaknesses and recommends courses of action and their associated implementation timelines
– Timelines for implementation vary depending upon the threat area under discussion
– This session will address the high priority areas of the Cyber Security Roadmap and how they relate to Cyber priorities within STARNET
UNCLASSIFIED | For Public Release
NetOps Info Exchange Specs
• Army NetOps capabilities are currently developed and fielded as ‘closed system’ or ‘closed architecture’ specific capabilities
• Specifications developed that define and facilitate information exchanges between the NetOps systems, tools and services
– Enable rapid development and integration of new NetOps capabilities into effective, end-to-end, NetOps services
• Applicable to all NetOps services, systems, tools, and devices
– Information exchange is at the network layer (IP) and above
– Specifications support both IPv4 and IPv6
• Do not include all currently used standards or protocols
– Intentionally constrains future acquisition to a reduced optimum set of these standards
• To be referenced as part of all future solicitations for the acquisition of NetOps systems and services
• Would not impose requirement to modify existing/currently fielded NetOps systems & capabilities due to resource limitations
NetOps Info Exchange Specs
• Managed Element (ME)
– A manageable physical or logical entity, e.g., radio, router, computer system, virtual machine, application, service, other
• NetOps Manager (NM)
– A software application, system, or service used in managing NetOps elements, e.g., SolarWinds, CA Spectrum, Microsoft SCCM, BMC ITSM
• NetOps Information Exchanges
– Defines content, format and protocol for movement of NetOps information
– Open standards based, e.g., SNMP, Web Services
• 132 Specs written across nine Info Exchanges
– Currently in Army Staffing with plan to publish on 21 November 2014
– Army CIO/G6 & ASA(ALT) to jointly publish (co-signatories) as technical standards for future acquisition of NetOps capabilities
NetOps Info Exchange Specs
[Figure: NetOps information exchanges among a Managed Element, NetOps Manager 1 and NetOps Manager 2, with Software Plugin blocks. Exchange labels: Initialize, Discover, Configure, Monitor, Event, Inventory, Reports, Alerts, Tickets. Protocol labels: SNMPv3, ICMP, WS-MAN, HTTPS, REST, HTTP, Syslog, IPFIX, SNMP Trap, NETCONF. Content and format labels: CIM from DMTF, MIB-2/Vendor MIB, IPFIX, Syslog, XML from W3C, ASN.1 syntax.]
NetOps Capability Improvements
Aligned to NetOps Focus Areas for STARNET:
– NetOps Simplification
– Network Discovery Service
– Common Visualization Dashboard
– Use of COTS in DIL environment
– Provisioning System
Each related to NetOps Info Exchange Specs
NetOps Simplification
• Converge NetOps Tools onto fewer hardware platforms
• Simplify user interfaces
• Reduce number of steps required for operators to build network plans
• Simplify Unit Task Reorganization (UTR)
– Defining standards to support simplified initialization and reconfiguration of systems
• NetOps Info Exchange Specs will be leveraged
• Related to Configure Info Exchange (NetOps Manager to Managed Element)
– Developing UTR CONOPS
– Integrate OTAM solution
– Need GUI interface to simplify execution of UTR
Network Discovery Service
• Need service with capability to discover nearby networks
– Includes radio networks such as SRW or WNW
– Includes Wi-Fi discovery
• Needs to be ongoing background task
– Depends on phase of battle, network condition, or how network has been configured
• Related to Discovery Info Exchange (NetOps Manager to Managed Element)
Common Visualization Dashboard
• Need ability for NetOps tools to be able to share network monitoring information with a common dashboard
• Dashboard itself is not needed
• Related to Monitor Info Exchange (NetOps Manager to Managed Element)
Optimization of COTS in DIL Env
• Need to utilize COTS tools that are optimized for Disconnected, Intermittent, Low-Bandwidth (DIL) environment
• Need to be optimized for satellite communications
• Need to assume low bandwidth availability
• Cannot rely on constant communications
• Related to all Info Exchanges
Provisioning System
• Create a process to decrease amount of time needed to reimage configuration items
• Assist in software patching / IAVA delivery
• Related to Initialize and Configure Info Exchanges (NetOps Manager to Managed Element)
Cyber Capability Improvements
Aligned to Top 6 Cyber Focus Areas for STARNET
– Warfighter Authentication
– Improved Cyber Situational Awareness
– Platform Resilience
– System Maintenance and Automation
– Network Simplification
– Data Leakage
Authentication
Migrate away from IDs, passwords, tokens, and other current authentication methods to simplify operations for the Warfighter
• Leverage existing technologies to implement stronger authentication and authorization of network resources
• Provide a method that does not solely rely on tokens, passwords and IDs as a means to provide authentication of personnel to platforms and applications
• Conduct parallel work to tie non-hardware based authentication to Enterprise level resource access
Improved Cyber SA
Drive improvements in Cyber Kill Chain detection, containment, and response
• Continue deployment of event aggregation to SIEM infrastructure
• Continue development of alerting and reporting architecture
• Leverage Cyber Analytic Cloud platform
• Improve visualization and response
[Figure: Cyber Kill Chain stages: Recon → Weaponize → Deliver → Exploit → Control → Execute → Maintain]
Improve Platform Resilience
Determine alternative protection that works and meets DoD and Tactical risk management requirements
• Refine anti-virus and anti-malware type solutions to provide optimal, useful, and timely cyber SA for Commanders to support improvements in Cyber Kill Chain containment and response
• Identify and implement alternative solutions (e.g., whitelisting, non-volatile images) for tactical systems
• Continue to research and test more advanced capabilities for future implementation
System Maintenance
Improve current capabilities for supporting deployed systems and applications
• Secure System Configuration
– Ensure configuration integrity for Security Technical Implementation Guidance (STIG) and Information Assurance Vulnerability Alert (IAVA) conformances
– Evaluate alternative methods for standard Virtual Machine images, “thin client” architecture, and increased use of virtualized servers and endpoints
• Upgrades and Patching
– Continue work to reduce patching and upgrade timelines
– Investigate the possibility to migrate to virtual workstations in the tactical environment
• SOPs: Automation of controls as opposed to placing the burden on the Warfighter
Network Simplification
Simplify and reduce network footprint to improve efficiency, reduce management effort, and improve controls
• Target a tactical single network architecture
• Provide access via a tunneling approach to external resources
– Consider Virtual Network technologies for tunneling non-critical devices
• Virtualization and sandboxing of platforms for access.
• Support future mobile deployment (e.g., Android, iOS)
• Replace traditional firewalls and segmentation
Data Leakage
Support improvements in DoD tactical collaboration while providing enhanced data movement protection
• Improve content aware functional processing
• Implement platform changes for data centric access management
• Implement Application and Systems strategies for boundary containment
• Identify and detect sensitive data movement in real-time
• Leverage Big Data analytics
Your Questions
UNCLASSIFIED | For Official Use Only