joint staff j7 cyberspace environment division / joint ... cyber... · closed-loop &...
TRANSCRIPT
Joint Staff J7 Cyberspace Environment Division /
Joint Information Operations Range (JIOR) Overview
Approved for Public Release by Joint Staff Public Affairs - Hampton Roads
18 Dec 15
“DoD requires an integrated test range to increase confidence
and better assure predictable outcomes. The test range
supports exercises, testing and development of Computer Network
Attacks (CNA), EW and other IO capabilities.”
2003 DoD IO Roadmap
Recommendation: Develop a network of IO & CNA ranges USD(I)
USD(AT&L) DOT&E
FY05 FY06
DepSecDef England designates JFCOM as LA
IOC: 10 nodes; 3 use cases
FY08
40 nodes; 18 events
FY10 57 nodes; 33 events
64 nodes; 45 events
PACOM
AFRICOM
CENTCOM
EUCOM
STRATCOM
United Kingdom
Australia
AIR FORCE
ARMY
NAVY
USMC
NSA
FY07
11 events; PL-3 Designation
FY09
Transitioned to JS - aligned under S&I / JOSE
DepSecDef Memo Detailing governance Of the JIOR to JS - SEP 2011
JIOR Background
FY11
70 nodes; 62 events
FY12
FY13
FY14
75 nodes; 49 events
82 nodes; 56 events
90 nodes; 60 events
Aligned under DDJE / CED $ reduction
Aligned under DDJT / CED
2
(U) Key Attributes
Closed-loop, scalable and transportable
DIA accredited secure training & test environment
Distributed environment – Ability to train at home
station
Both persistent environments (PE) and tactical event environments
JIOR Enterprise
AGILE RESPONSIVE
SECURE
JIOR RED
Threat Systems Red Teams
BLUE Friendly
GRAY (.com/internet)
WHITE Control
Assessment
(U) Essential Elements of a Training Environment
RED Forces
Internet NOISE
BLUE Forces
Exercise Control
(U) Provides Access to:
Threat Environments
Critical Infrastructure and Key Resources (CIKR)
Traffic Generation
Network Emulation
Blue Offensive & Defensive Cyber Capabilities
Currently, 110 access points in five countries
Transport, Integration, Planning & Security
• Transport
Closed-loop & distributed live-fire cyber range complex Leveraging existing and extended networks (DISN, DREN, JTEN, ESNet,
etc)
• Integration
Network engineers to build and integrate complex user architectures
• Event Planning
Subject Matter Experts coordinate and design Persistent & Tacticalenvironments to meet Combatant Command, Service and Agency cyber andIO requirements
• Security DIA accredited to operate from unclass to TS/SCI – SAP/SAR/STO Standing policy to execute SAP/STO within the JIOR
The JIOR
Planning Cell Tier II NOSC Tier III Engineering
Rack Mounted Service Delivery Point
Pico Service Delivery Point
Boundary, Red/Black Distinction Assessment Exercise Ctrl
WHITE
RED
OPFOR
GRAY
DISA GIG Replication
BLUE Service
Networks
RED RED
Target
BLUE
Virtual C2 Systems
GRAY
Web/Social Media
24th AF
BLUE Traffic
Generation
Carnegie Mellon
GRAY
Internet Replication
DoD IA
Range Combatant Command
TSMO
Intel Community
DREN/DISN JIOR
Service Delivery Point Firewall / Crypto / Routers
6
7
Simulation Training Exercise Platform -- STEP
• STEP: One aspect of the Persistent Training Environment. A hands-on lab for individual students & team-exercise game-space topologies. STEP ensures multiple concurrent, isolated projections can be deployed and accessed by different teams simultaneously -- Red, blue, gray space with scenarios for training
• CED’s Role: Centrally manage the platform for decentralized use • 1) Cyber mission force training 1,000/2,000 /3,000 • 2) Capstone level events e.g. Cyber Flag/Guard/Knight • 3) TS instantiation for OPFOR training
-- Located in Suffolk in 116B (Annex)
• USCC’s Role: Content of training / Funding
8
FY16 Program of Work Projection
COMBATANT COMMAND 15SERVICE 39AGENCY 4COALITION 2TOTAL 60
MAJOR SPONSOR
COMBAT/MISSION RELATED 7TRAINING 26OPERATIONS SUPPORT 10TEST & EVALUATION 11EXPERIMENTS 6TOTAL 60
ENVIRONMENT PURPOSE
COMBATANT COMMAND
25%
SERVICE65%
AGENCY7%
COALITION3%
COMBAT& MISSION
RELATED12%
TRAINING43%OPERATIONS
SUPPORT17%
TEST & EVALUATION
18%
EXPERIMENTS10%
110 access points in five countries
Key Points: Growing number of large/extra large environments (>600 man hours each to plan/execute) More participants leveraging established persistent environments JIOR footprint will expand to new user communities (e.g., National Guard, Interagency, coalition)
JIOR in FY16 Execute 60 environments (+/-10%)
Expand footprint to 120+ nodes worldwide
Segregation of JIOR Activities
IO Range architecture supports multiple segregated activities at different classification levels
– Patch panels enable sites to control connections to IO Range – One-for-one relationship between ports and Type-3 VPNs
10
Traffic Management Can Be Risky Business
Shown is a Type-1 Bulk Encrypted Tunnel (VPN) that carries several Type-3 Encrypted VLANs between Client and Vendor Sites.
(No passing / Crossing Lanes Permitted) (VLAN) Yellow-SCI.. Red-Secret… Blue-Other… 11
Questions/Discussion