Joint Staff J7 Cyberspace Environment Division /

Joint Information Operations Range (JIOR) Overview

Approved for Public Release by Joint Staff Public Affairs - Hampton Roads

18 Dec 15

“DoD requires an integrated test range to increase confidence

and better assure predictable outcomes. The test range

supports exercises, testing and development of Computer Network

Attacks (CNA), EW and other IO capabilities.”

2003 DoD IO Roadmap

Recommendation: Develop a network of IO & CNA ranges USD(I)

USD(AT&L) DOT&E

FY05 FY06

DepSecDef England designates JFCOM as LA

IOC: 10 nodes; 3 use cases

FY08

40 nodes; 18 events

FY10 57 nodes; 33 events

64 nodes; 45 events

PACOM

AFRICOM

CENTCOM

EUCOM

STRATCOM

United Kingdom

Australia

AIR FORCE

ARMY

NAVY

USMC

NSA

FY07

11 events; PL-3 Designation

FY09

Transitioned to JS - aligned under S&I / JOSE

DepSecDef Memo Detailing governance Of the JIOR to JS - SEP 2011

JIOR Background

FY11

70 nodes; 62 events

FY12

FY13

FY14

75 nodes; 49 events

82 nodes; 56 events

90 nodes; 60 events

Aligned under DDJE / CED $ reduction

Aligned under DDJT / CED

2

(U) Key Attributes

Closed-loop, scalable and transportable

DIA accredited secure training & test environment

Distributed environment – Ability to train at home

station

Both persistent environments (PE) and tactical event environments

JIOR Enterprise

AGILE RESPONSIVE

SECURE

JIOR RED

Threat Systems Red Teams

BLUE Friendly

GRAY (.com/internet)

WHITE Control

Assessment

(U) Essential Elements of a Training Environment

RED Forces

Internet NOISE

BLUE Forces

Exercise Control

(U) Provides Access to:

Threat Environments

Critical Infrastructure and Key Resources (CIKR)

Traffic Generation

Network Emulation

Blue Offensive & Defensive Cyber Capabilities

Currently, 110 access points in five countries

Transport, Integration, Planning & Security

• Transport

Closed-loop & distributed live-fire cyber range complex Leveraging existing and extended networks (DISN, DREN, JTEN, ESNet,

etc)

• Integration

Network engineers to build and integrate complex user architectures

• Event Planning

Subject Matter Experts coordinate and design Persistent & Tacticalenvironments to meet Combatant Command, Service and Agency cyber andIO requirements

• Security DIA accredited to operate from unclass to TS/SCI – SAP/SAR/STO Standing policy to execute SAP/STO within the JIOR

The JIOR

Planning Cell Tier II NOSC Tier III Engineering

Rack Mounted Service Delivery Point

Pico Service Delivery Point

Boundary, Red/Black Distinction Assessment Exercise Ctrl

WHITE

RED

OPFOR

GRAY

DISA GIG Replication

BLUE Service

Networks

RED RED

Target

BLUE

Virtual C2 Systems

GRAY

Web/Social Media

24th AF

BLUE Traffic

Generation

Carnegie Mellon

GRAY

Internet Replication

DoD IA

Range Combatant Command

TSMO

Intel Community

DREN/DISN JIOR

Service Delivery Point Firewall / Crypto / Routers

6

7

Simulation Training Exercise Platform -- STEP

• STEP: One aspect of the Persistent Training Environment. A hands-on lab for individual students & team-exercise game-space topologies. STEP ensures multiple concurrent, isolated projections can be deployed and accessed by different teams simultaneously -- Red, blue, gray space with scenarios for training

• CED’s Role: Centrally manage the platform for decentralized use • 1) Cyber mission force training 1,000/2,000 /3,000 • 2) Capstone level events e.g. Cyber Flag/Guard/Knight • 3) TS instantiation for OPFOR training

-- Located in Suffolk in 116B (Annex)

• USCC’s Role: Content of training / Funding

8

FY16 Program of Work Projection

COMBATANT COMMAND 15SERVICE 39AGENCY 4COALITION 2TOTAL 60

MAJOR SPONSOR

COMBAT/MISSION RELATED 7TRAINING 26OPERATIONS SUPPORT 10TEST & EVALUATION 11EXPERIMENTS 6TOTAL 60

ENVIRONMENT PURPOSE

COMBATANT COMMAND

25%

SERVICE65%

AGENCY7%

COALITION3%

COMBAT& MISSION

RELATED12%

TRAINING43%OPERATIONS

SUPPORT17%

TEST & EVALUATION

18%

EXPERIMENTS10%

110 access points in five countries

Key Points: Growing number of large/extra large environments (>600 man hours each to plan/execute) More participants leveraging established persistent environments JIOR footprint will expand to new user communities (e.g., National Guard, Interagency, coalition)

JIOR in FY16 Execute 60 environments (+/-10%)

Expand footprint to 120+ nodes worldwide

Segregation of JIOR Activities

IO Range architecture supports multiple segregated activities at different classification levels

– Patch panels enable sites to control connections to IO Range – One-for-one relationship between ports and Type-3 VPNs

10

Traffic Management Can Be Risky Business

Shown is a Type-1 Bulk Encrypted Tunnel (VPN) that carries several Type-3 Encrypted VLANs between Client and Vendor Sites.

(No passing / Crossing Lanes Permitted) (VLAN) Yellow-SCI.. Red-Secret… Blue-Other… 11

Questions/Discussion