Defensive Cyber Operations Industry Overview
3 APR 18
LTC Scott Helmore
UNCLASSIFIED
Introduction
Welcome
Transforming I3C2 to DCO
Themes: Innovation, Secure Communications, Collaboration
WWII was won with American manufacturing. The Cold War was won with the military-industrial complex. How will we win the cyber war?
4/23/2018
Defensive Cyber Overview
Requirements: TRADOC Capability Manager Cyber; Cyber Center of Excellence; DCO IS ICD (*11 Requirements Definition Packages)
Materiel Developers: PdM DCO; PM MC (**TDI only); PdM TCNO (**TDI ONS only); ARCYBER (**Limited Acquisition Authority); 11 programs
Operational Force: U.S. Army Cyber Command (ARCYBER); 41 Army CPTs (20 Active Duty, 21 USAR/ARNG); U.S. Army Cyber Protection Brigade, Fort Gordon, GA; USAR/ARNG DCO ONSs
UNCLASSIFIED / FOUO
Tailored Acquisition
From formal acquisition to evolutionary acquisition:
1. Single Materiel Development Decision (MDD) for a suite of capabilities
2. Reduced documentation
3. Empowered leaders (O-6 level decision makers; ACAT IV programs)
4. Flexible resourcing allocated to the suite of capabilities instead of to specific programs
5. Continual test environment (the Forge), focused on capability-drop decisions rather than traditional milestone decisions
Diagram: Prototyping; MDD; Capability Release Decisions
Providing acquisition capabilities at the speed of relevance
DCO Evolutionary Acquisition
Emerging Technologies (Other Transaction Agreements, OTAs): build our cyber industrial bench; connect with industry/government ranges; pre-emptive risk management assistance; industry recommends new technology; Shark Tank rapid pitches; Crucible assessment events; Constellation tiered industry experts; 30-day prototype process (C-RAPID)
Forge: assess/develop technology; integrate capabilities; anytime training; innovation integration
System Integrator Contracts (multiple Programs of Record; five-year efforts): integrate OTA innovation; modularity focused on open source and open architecture; 30-day integration; fielding stability; evolutionary acquisition
Armory: forward-deployed support; latest integrated capabilities; mission-focused training; sustaining
Securing Acquisitions: Screening Questions
Facility clearance
Experienced integration capabilities
No foreign supply chain or foreign control issues
SIPR capabilities (communication)
Monitoring and scanning of equipment and code
Constellation: Industry Subject Matter Expert Sub-consortiums
Lead Members are given direct access to operational data and problems, have a weekly sync with the PM and ARCYBER, and must have a TS/SCI facility clearance.
Constellation structure (example):
(1) Lead: multiple leads per Constellation, no more than eight per topic; recommend technologies; can be rotated if not productive. Leads may include (1) government, (1) academia, (1) FFRDC and (4) industry.
(20) Cleared Advisors: hold security clearances; selected by the Lead Member.
(50) Innovative Firms: do not require clearances; selected by Cleared Advisors or Lead Members.
Get ahead of threats; building the cyber bench
Acquisition Steps
April: Request for Proposal, Garrison DCO Platform and Deployable DCO System
April: Consortium Management Firm selection
April: Forge stand-up
June: Request for Proposal, Analytics
July: Request for Proposal, Mission Planning
September: User Activity Monitoring and Forensics/Malware
Continual technology reviews using C-RAPID and the Forge
User Activity Monitoring
Program Description
User Activity Monitoring (UAM) is the primary capability within the Army's overall Insider Threat program. UAM will close the gaps that inhibit the Army's ability to identify anomalous or malicious user activity that may pose a threat to the Joint Worldwide Intelligence Communications System (JWICS) and the Secure Internet Protocol Router Network (SIPRNet). UAM is a software-based, scalable solution that proactively identifies and mitigates internal risks associated with the theft or misuse of critical, mission-essential data. It uses an integrated approach in which a centralized UAM cell sends data to a core Insider Threat Hub.
Capabilities
Endpoint activity monitoring and control; capture and analysis of user actions (with the ability to replay); investigations; and adaptation of an organization's Insider Threat countermeasures
Identify individuals who are at higher risk of being targeted by foreign intelligence or more likely to misuse access privileges
Provide audit and trigger data to designated cyber forces based on predefined policies
The Army will implement UAM for all Soldiers, civilians and contractors with access to JWICS and SIPRNet
Timeline
2017: Assess Data Analytics Services to attach to Raytheon Innerview
2018: Employment of Securonix Big Data Platform assessment
2019: Program of Record
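The two mechanisms the slide names, predefined-policy triggers and anomaly detection against a user's own baseline, as an added illustration in Python. This is not code from the Army UAM program or from any UAM vendor; the audit-event layout, the removable-media drive letters, the duty hours, the byte thresholds and the sample records are all constructed assumptions for the example.

```python
"""Policy-triggered user activity monitoring over endpoint audit events.

Added illustration only: not code from the Army UAM program or from any
UAM vendor. The event layout, drive letters, duty hours, thresholds and
sample records below are constructed assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed endpoint audit records: (timestamp, user, action, target, bytes).
EVENTS = [
    ("2018-04-01T10:02:00", "bob",   "read", "\\\\share\\hr\\roster.xlsx",  30_000),
    ("2018-04-02T11:15:00", "bob",   "read", "\\\\share\\hr\\leave.xlsx",   35_000),
    ("2018-04-03T09:12:00", "alice", "read", "\\\\share\\ops\\plan.docx",  120_000),
    ("2018-04-03T09:40:00", "alice", "read", "\\\\share\\ops\\orders.pdf",  80_000),
    ("2018-04-03T23:45:00", "bob",   "copy", "E:\\backup\\roster.xlsx",     40_000),
    ("2018-04-04T02:10:00", "bob",   "copy", "E:\\backup\\plan.docx",      120_000),
    ("2018-04-04T02:12:00", "bob",   "copy", "E:\\backup\\orders.pdf",      80_000),
    ("2018-04-04T08:30:00", "carol", "read", "\\\\share\\ops\\plan.docx",  120_000),
]

REMOVABLE_PREFIXES = ("E:\\", "F:\\")  # assumed drive letters for removable media
OFF_HOURS = (22, 6)                    # assumed duty day: flag 22:00 to 06:00
BULK_COPY_BYTES = 150_000              # assumed per-day removable-copy threshold
BASELINE_FACTOR = 3                    # flag a day above 3x the user's own median


def _day(ts):
    return ts[:10]


def _is_off_hours(ts):
    hour = datetime.fromisoformat(ts).hour
    start, end = OFF_HOURS
    return hour >= start or hour < end


def _removable_copy(ev):
    return ev[2] == "copy" and ev[3].startswith(REMOVABLE_PREFIXES)


def policy_triggers(events):
    """Apply predefined policies. Each alert is (policy, user, triggering events),
    so the analyst receives the raw events and can replay what the user did."""
    alerts = []
    copied = defaultdict(int)  # (user, day) -> bytes copied to removable media
    for ev in events:
        if not _removable_copy(ev):
            continue
        ts, user, _, _, size = ev
        copied[(user, _day(ts))] += size
        if _is_off_hours(ts):
            alerts.append(("OFF_HOURS_REMOVABLE_COPY", user, [ev]))
    for (user, day), total in copied.items():
        if total > BULK_COPY_BYTES:
            evidence = [e for e in events
                        if e[1] == user and _day(e[0]) == day and _removable_copy(e)]
            alerts.append(("BULK_REMOVABLE_COPY", user, evidence))
    return alerts


def baseline_anomalies(events):
    """Flag (user, day) pairs whose byte volume exceeds BASELINE_FACTOR times the
    user's own median daily volume. A user seen on only one day has no baseline."""
    per_user = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes
    for ts, user, _, _, size in events:
        per_user[user][_day(ts)] += size
    anomalies = []
    for user, days in per_user.items():
        if len(days) < 2:
            continue
        base = median(days.values())
        for day, total in days.items():
            if total > BASELINE_FACTOR * base:
                anomalies.append(("VOLUME_ANOMALY", user, day, total, base))
    return anomalies


if __name__ == "__main__":
    for alert in policy_triggers(EVENTS):
        print(alert[0], alert[1], len(alert[2]), "event(s)")
    for anomaly in baseline_anomalies(EVENTS):
        print(*anomaly)
```

On the constructed records, the policy pass fires three off-hours alerts and one bulk-copy alert, all for bob, and the baseline pass flags bob's 4 April volume against his own median. The design point is that every alert carries the raw events that fired it: that is the "trigger data" handed to the designated cyber forces, and it is what makes replay and investigation possible without going back to the endpoint. Note that alice reads the same files without any alert, because reading them is within her pattern; only the removable-media copies and the volume spike stand out.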
Forensics and Malware
Program Description
The Forensics and Malware Analysis (F&MA) capability will be composed of a set of applications that provide the enterprise-level function to detect, analyze, mitigate and eradicate malicious IT threats (malware) on defended networks. F&MA will hunt for malware residing on processing components, including clients, servers and network components. It will also support damage assessment and restoration. The applications will examine the operation of malware, isolate it, and extract it from the contaminated network into a controlled environment.
Capabilities
Rapidly triage an incident and place the impacted system back in service
Quickly review information stored on deployed computers in real time without altering or damaging it
Assist in determining subsequent actions to collect, process, search and analyze evidence from portable electronic devices, removable media, system hard drives and random access memory
Automated and dynamic malware decomposition and behavior analysis to determine impacts
Timeline
2017: Deployed as part of the Tool Suite
2018: Enterprise Pilot
2019: Program of Record
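The last capability, automated behavior analysis to determine impact, together with the triage-and-restore step, as an added illustration in Python. This is not the Army F&MA tool suite or any vendor's analyzer; the sandbox report line format, the behavior classes and their weights, the verdict threshold and the sample report are constructed assumptions (203.0.113.7 is a documentation address). It scores a dynamic-analysis report, pulls out the indicators an analyst would carry back to the controlled environment, and orders the response steps by volatility so that evidence in RAM is captured before the host is remediated.

```python
"""Automated triage of a dynamic-analysis (sandbox) behavior report.

Added illustration only: not the Army F&MA tool suite or any vendor's analyzer.
The report line format, behavior weights, threshold and sample report are
constructed assumptions for the example; 203.0.113.7 is a documentation address.
"""
import re

# Constructed sandbox report: one observed behavior per line as key=value fields.
SAMPLE_REPORT = """\
proc_create pid=1204 image=C:\\Users\\u\\AppData\\Local\\Temp\\inv.exe parent=WINWORD.EXE
file_write pid=1204 path=C:\\ProgramData\\svc.dll sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
reg_set pid=1204 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=svc data=C:\\ProgramData\\svc.dll
net_connect pid=1204 dst=203.0.113.7:443 proto=tcp
proc_inject pid=1204 target=explorer.exe
file_write pid=1204 path=C:\\Users\\u\\Documents\\staging.zip sha256=cafebabecafebabecafebabecafebabecafebabecafebabecafebabecafebabe
"""

FIELD = re.compile(r"(\w+)=(\S+)")
RUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
SYSTEM_DIRS = ("C:\\ProgramData\\", "C:\\Windows\\")
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
ARCHIVES = (".zip", ".rar", ".7z")
# Assumed impact weight per behavior class; a report scoring >= MALICIOUS_AT is malicious.
WEIGHTS = {"delivery:office_child": 2, "drop:system_dir": 2, "persistence:run_key": 3,
           "c2:outbound": 3, "evasion:process_injection": 4, "staging:archive": 2}
MALICIOUS_AT = 6


def parse_report(text):
    """Turn report lines into dicts: {'type': <behavior>, <field>: <value>, ...}."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, _, rest = line.partition(" ")
        ev = {"type": kind}
        ev.update(FIELD.findall(rest))
        events.append(ev)
    return events


def classify(ev):
    """Map one observed behavior to zero or more impact classes."""
    tags, t = [], ev["type"]
    if t == "proc_create" and ev.get("parent", "").upper() in OFFICE_PARENTS:
        tags.append("delivery:office_child")
    elif t == "file_write":
        if ev["path"].startswith(SYSTEM_DIRS):
            tags.append("drop:system_dir")
        if ev["path"].lower().endswith(ARCHIVES):
            tags.append("staging:archive")
    elif t == "reg_set" and any(k in ev["key"] for k in RUN_KEYS):
        tags.append("persistence:run_key")
    elif t == "net_connect":
        tags.append("c2:outbound")
    elif t == "proc_inject":
        tags.append("evasion:process_injection")
    return tags


def triage_actions(behaviors):
    """Order response steps by volatility: memory first, then isolate, then remediate."""
    actions = []
    if "evasion:process_injection" in behaviors or "c2:outbound" in behaviors:
        actions.append("Capture volatile memory before any shutdown: injected code "
                       "and live connections exist only in RAM")
    actions.append("Isolate the host at the network edge; keep it powered on")
    if "persistence:run_key" in behaviors:
        actions.append("Remove the Run-key entry and its payload after evidence collection")
    if "drop:system_dir" in behaviors:
        actions.append("Collect dropped files and hashes for the controlled analysis environment")
    if "staging:archive" in behaviors:
        actions.append("Inventory the staged archive to assess data exposure")
    actions.append("Restore from a known-good image and return the system to service")
    return actions


def analyze(events):
    """Score the report, extract indicators and recommend triage actions."""
    behaviors, iocs = [], {"hashes": [], "network": [], "persistence": []}
    for ev in events:
        tags = classify(ev)
        behaviors.extend(tags)
        if ev["type"] == "file_write":
            iocs["hashes"].append(ev["sha256"])
        elif ev["type"] == "net_connect":
            iocs["network"].append(ev["dst"])
        elif tags and ev["type"] == "reg_set":
            iocs["persistence"].append(ev["key"] + "\\" + ev["value"])
    score = sum(WEIGHTS[b] for b in set(behaviors))
    verdict = "malicious" if score >= MALICIOUS_AT else ("suspicious" if score else "benign")
    return {"behaviors": behaviors, "score": score, "verdict": verdict,
            "iocs": iocs, "actions": triage_actions(behaviors)}


if __name__ == "__main__":
    result = analyze(parse_report(SAMPLE_REPORT))
    print(result["verdict"], result["score"], sorted(set(result["behaviors"])))
    print("\n".join("- " + step for step in result["actions"]))
```

The sample report scores 16 and is classed malicious, with the dropped-file hashes, the outbound destination and the Run-key entry recorded as indicators for the hunt across the rest of the network. The ordering in triage_actions is the practical point: because process injection and a live connection were observed, memory is captured before anything else, and the persistence entry is removed only after evidence has been collected, which is what lets the system be returned to service without destroying what the forensic examination needs.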
Discussion
How should technologies be recommended?
How can we make a better partnership?
How can we be open but secure?
How many Constellations?
Can we buy solutions?
Can we build a Cyber Coliseum?
Thank You
Anh Nguyen, Executive Assistant to the PdM and DPdM, Defensive Cyber Operations (DCO)
(O) 703.806.8549
anh.t.nguyen83.ctr@mail.mil
LTC Scott Helmore
Scott.e.Helmore.mil@mail.mil