CONNECTING OUR SOLDIERS
Industry Day – NetOps/Cyber
Breakout Session
23 September 2014
22 September 2014
NetOps / Cyber Overview
• ASA(ALT) Integrated NetOps Trail Boss
– AAE designated PEO C3T in June 2012 to integrate and converge NetOps capabilities across ASA(ALT) to provide more effective network capability to the Warfighter – includes both enterprise and tactical NetOps
– Work with Army CIO/G6, TRADOC, NETCOM, and other PEOs within Army to identify opportunities for NetOps integration and convergence
– Developed NetOps Information Exchange Specification to define the required info exchanges and to simplify NetOps interoperability going forward
– This session will provide overview of the NetOps Info Exchange Specs and how they relate to NetOps priorities within STARNET.
• Cyber Security Roadmap
– Identifies and prioritizes current security threats and weaknesses, and recommends courses of action and their associated timelines to implement
– Timelines for implementation vary depending upon the threat area under discussion
– This session will address the high priority areas of the Cyber Security Roadmap and how they relate to Cyber priorities within STARNET
UNCLASSIFIED | For Public Release
NetOps Info Exchange Specs
• Army NetOps capabilities are currently developed and fielded as ‘closed system’ or ‘closed architecture’ specific capabilities
• Specifications developed that define and facilitate information exchanges between the NetOps systems, tools and services
– Enable rapid development and integration of new NetOps capabilities into effective, end-to-end NetOps services
• Applicable to all NetOps services, systems, tools, and devices
– Information exchange is at the network layer (IP) and above
– Specifications support both IPv4 and IPv6
• Do not include all currently used standards or protocols
– Intentionally constrains future acquisition to a reduced optimum set of these standards
• To be referenced as part of all future solicitations for the acquisition of NetOps systems and services
• Would not impose requirement to modify existing/currently fielded NetOps systems & capabilities due to resource limitations
• Managed Element (ME)
– A manageable physical or logical entity, e.g., radio, router, computer system, virtual machine, application, service, other
• NetOps Manager (NM)
– A software application, system, or service used in managing NetOps elements, e.g., SolarWinds, CA Spectrum, Microsoft SCCM, BMC ITSM
• NetOps Information Exchanges
– Defines content, format and protocol for movement of NetOps information
– Open standards based, e.g., SNMP, Web Services
• 132 Specs written across nine Info Exchanges
– Currently in Army Staffing with plan to publish on 21 November 2014
– Army CIO/G6 & ASA(ALT) to jointly publish (co-signatories) as technical standards for future acquisition of NetOps capabilities
[Figure: NetOps Info Exchange Specs. Diagram of a Managed Element, NetOps Manager 1 and NetOps Manager 2, each with Software Plugins. Info exchanges labeled: Initialize, Discover, Configure, Monitor, Event, Inventory, Reports, Alerts, Tickets. Protocols labeled: SNMPv3, ICMP, WS-MAN, HTTPS, REST, HTTP, Syslog, IPFIX, SNMP Trap. Content and format labels: CIM from DMTF, MIB-2/Vendor MIB, IPFIX, Syslog, NETCONF, XML from W3C, ASN.1 syntax.]
NetOps Capability Improvements
Aligned to NetOps Focus Areas for STARNET:
– NetOps Simplification
– Network Discovery Service
– Common Visualization Dashboard
– Use of COTS in DIL environment
– Provisioning System
Each related to NetOps Info Exchange Specs
NetOps Simplification
• Converge NetOps Tools onto fewer hardware platforms
• Simplify user interfaces
• Reduce number of steps required for operators to build network plans
• Simplify Unit Task Reorganization (UTR)
– Defining standards to support simplified initialization and reconfiguration of systems
• NetOps Info Exchange Specs will be leveraged
• Related to Configure Info Exchange (NetOps Manager to Managed Element)
– Developing UTR CONOPS
– Integrate OTAM solution
– Need GUI interface to simplify execution of UTR
Network Discovery Service
• Need service with capability to discover nearby networks
– Includes radio networks such as SRW or WNW
– Includes Wi-Fi discovery
• Needs to be ongoing background task
– Depends on phase of battle, network condition, or how network has been configured
• Related to Discovery Info Exchange (NetOps Manager to Managed Element)
Common Visualization Dashboard
• Need the ability for NetOps tools to share network monitoring information with a common dashboard
• Dashboard itself is not needed
• Related to Monitor Info Exchange (NetOps Manager to Managed Element)
Optimization of COTS in DIL Env
• Need to utilize COTS tools that are optimized for Disconnected, Intermittent, Low-Bandwidth (DIL) environment
• Need to be optimized for satellite communications
• Need to assume low bandwidth availability
• Cannot rely on constant communications
• Related to all Info Exchanges
Provisioning System
• Create a process to decrease the amount of time needed to reimage configuration items
• Assist in software patching / IAVA delivery
• Related to Initialize and Configure Info Exchanges (NetOps Manager to Managed Element)
Cyber Capability Improvements
Aligned to Top 6 Cyber Focus Areas for STARNET:
– Warfighter Authentication
– Improved Cyber Situational Awareness
– Platform Resilience
– System Maintenance and Automation
– Network Simplification
– Data Leakage
Authentication
Migrate away from IDs, passwords, tokens, and other current authentication methods to simplify operations for the Warfighter
• Leverage existing technologies to implement stronger authentication and authorization of network resources
• Provide a method that does not solely rely on tokens, passwords and IDs as a means to provide authentication of personnel to platforms and applications
• Conduct parallel work to tie non-hardware based authentication to Enterprise level resource access.
Improved Cyber SA
Drive improvements in Cyber Kill Chain detection, containment, and response
• Continue deployment of event aggregation to SIEM infrastructure
• Continue development of alerting and reporting architecture
• Leverage Cyber Analytic Cloud platform
• Improve visualization and response
[Figure: Cyber Kill Chain stages: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain]
Improve Platform Resilience
Determine alternative protection that works and meets DoD and Tactical risk management requirements
• Refine anti-virus and anti-malware type solutions to provide optimal, useful, and timely cyber SA for Commanders to support improvements in Cyber Kill Chain containment and response.
• Identify and implement alternative solutions (e.g., whitelisting, non-volatile images) for tactical systems.
• Continue to research and test more advanced capabilities for future implementation.
System Maintenance
Improve current capabilities for supporting deployed systems and applications
• Secure System Configuration
– Ensure configuration integrity for Security Technical Implementation Guidance (STIG) and Information Assurance Vulnerability Alert (IAVA) conformances
– Evaluate alternative methods for standard Virtual Machine images, “thin client” architecture, and increased use of virtualized servers and endpoints
• Upgrades and Patching
– Continue work to reduce patching and upgrade timelines
– Investigate the possibility to migrate to virtual workstations in the tactical environment
• SOPs: Automation of controls as opposed to placing the burden on the Warfighter
Network Simplification
Simplify and reduce network footprint to improve efficiency, reduce management effort, and improve controls
• Target a tactical single network architecture
• Provide access via a tunneling approach to external resources
– Consider Virtual Network technologies for tunneling non-critical devices
• Virtualization and sandboxing of platforms for access.
• Support future mobile deployment (e.g., Android, iOS)
• Replace traditional firewalls and segmentation
Data Leakage
Support improvements in DoD tactical collaboration while providing enhanced data movement protection
• Improve content aware functional processing
• Implement platform changes for data centric access management
• Implement Application and Systems strategies for boundary containment
• Identify and detect sensitive data movement in real-time
• Leverage Big Data analytics
Your Questions
UNCLASSIFIED | For Official Use Only