Post on 03-Apr-2020
Cyber Engineering and Integration Excellence
AFNIC/NIA Architecture as a Service
Jamie “Mike” Wilson AFNIC/NIA
29 Aug 2018
Overview
• What Do We Do?
• Why Model?
• How We Do It (Examples)
• What’s The Way Ahead?
• Where is it?
• Other Questions?
What Do We Do?
Architecture Hierarchy
[Figure: architecture hierarchy diagram; only its labels survive extraction.]
• Joint-level labels: Joint Architectures, JIE, DoDIEA, Joint Reference Architectures, Joint Solution Architectures, Joint Capability Areas
• AF-level labels: AF Reference Architectures, AF Solution Architectures, AF Capability Segments
• Service Core Functions: Nuclear Deterrence Operations, Air Superiority, Space Superiority, Cyberspace Superiority, Command and Control, Global Integrated ISR, Global Precision Attack, Special Operations, Rapid Global Mobility, Personnel Recovery, Agile Combat Support, Building Partnerships
• CSEA Family of Architectures labels: Cyberspace Superiority Enterprise Architecture (CSEA) 2024, AF Network Operations (AFIN Ops), Defensive Cyberspace Operations (DCO)
• Architecture labels: CDA, CVA/H, ACD, C3MS, CSCS, AFINC, JRSS, IPN, ISN, MPE, KO, ISR, EITSM, AFNET, S-JRSS, IdAM, Cyber Range, SIPRMOD, TBD
• Other labels: Transport, Data & Services, Computing Services, Secured Availability, Network Ops
• Callouts: Fit for Purpose; Fit for Federation; DoD-wide Use; Mr Fred Lewis, AF Chief Architect; Mr. Dana Deasy, DoD CIO; ACC Chief Architect
• Legend: R = AFNIC submitted core products
Why Model?
• All forms of engineering rely on models to understand complex, real-world systems
• Models facilitate the communication of key system characteristics and complexities to various stakeholders
• Models provide abstractions of a physical system that allow engineers to reason about the system by ignoring extraneous details while focusing on relevant ones
• Models are used to reason about specific properties of the system when aspects of the system change and can assist in predicting system qualities
• Depending on the context, different elements can be modeled, providing different views that ultimately facilitate:
  • analyzing problems
  • proposing solutions
• Applying different kinds of models provides a well-defined style of development, providing ability to re-use common approaches
Sashi Thangaraj (SAIC), "Introduction to Model Driven Architecture (MDA), NCICB Software Development Processes Facilitating Systems Interoperability
Why Model?
Uses Of Architectures
Building a repository of decision-supporting information sources
1. CAPABILITY BASED PLANNING: Supporting operational planners' analyses by defining ops activities, system functions, info/data needs and their relationships (e.g., CRRA HPTs)
2. RESOURCE PLANNING & MGMT: Who should buy what, i.e., PPBE support to Capital Planning and Investment Control (CPIC) process; comparative analyses of proposed investment strategies
3. SYSTEM DEVELOPMENT & ACQUISITION: Required functionality, interfaces, information exchanges, services and information infrastructure, including technical standards
4. PORTFOLIO MANAGEMENT: Applying Reference Models to promote std descriptions of activities, orgs, systems, data, technologies, and functionality for redundancy ID and reuse
5. OTHER USES:
  • Education and Training
  • Exercise/Innovation
  • Test and Evaluation
  • …etc.
How We Do It
DoD Funds Capabilities
If these things are important to your enterprise, they should be in your architecture
[Figure: data model diagram with the callout "FUNDING HAPPENS HERE". Source: DoD Architecture Framework V2.02, Change 1, Vol I, 31 January 2015.]
• Entities: Capability, Activity, Resource, Information, Data, Materiel, System, Service, Person Role, Organization, Location, Geo Political, Condition, Guidance, Rule, Standard, Agreement
• Relationship labels: achieves desired state of; is realized by; is performed under; requires ability to perform; consumes and produces; is performed by; constrains; is at; describes something
How We Do It
Draft Cyberspace “Domain” Model
The Domain Model captures a description of what the software knows about the domain and the objects it contains.
SparX Enterprise Architect V12
How We Do It
CV-2 Capability Taxonomy
[Figure: class diagram "CV-2 CSEA 2024 with Capabilities Supporting Higher Level Architectures With Lower Level CSEA Capability Breakdown2"; the capability boxes do not survive extraction as a readable hierarchy.]
Legend:
• Joint Capability Area (JCA) CV-2 Capabilities
• DoD Information Enterprise Architecture (DoDIEA) CV-2 Capabilities
• STRATCOM Situational Awareness Capabilities (SA) CV-2
• Cyberspace Superiority Enterprise Infrastructure (CSEA) CV-2 Capabilities
Capability groups named in the diagram include: Department of Defense Information Network (DoDIN) Operations; Defensive Cyberspace Operations (DCO); Offensive Cyberspace Operations (OCO); Proactive Defense (PD); Persistent Network Operations (PNO); Data Confidentiality & Integrity Systems (DCIS); Network Extension and Resiliency; Cyberspace Command & Control; Cyberspace Intelligence, Surveillance, Reconnaissance (ISR) & Situational Awareness (SA); Cyber Range Operations; Knowledge Ops Linked Capabilities.
Cyberspace Weapon Systems
Operational Concept Graphics
Incorporating Operational Needs Into DoDAF Architecture
[Figure: USAF Cyberspace Defense Analysis (CDA) Operational View (OV-1) Graphic, marked "Unclassified; For Official Use Only".]
CDA Monitors and Assesses:
• AFNET
• USAF Unclassified Voice Networks
• RF Spectrum; HF -> SHF bands, LMRs, Mobile Phones, Wireless LANs
• Electronic Mail Traversing the AFNET
• Social Media Network info originating in AFNet & posted to public sites not owned, operated, or controlled by DoD or US Gov
CDA Produces:
• Classified Message Incident (CMI) Report
• Operations Security (OPSEC) Report
• Information Protection Alerts (IPA)
• Web Risk Assessments (WRA)
• Cyberspace Operational Risk Assessments (CORA)
Other report labels in the graphic:
• Personally Identifiable Information (PII) Breach Reports
• Network Defense Support Report
• Threat Status Reports and Information
USAF CDA Team, at the AF Cyberspace Defense Analysis Operations Console (notional):
• Cyberspace Ops Controller (1)
• Cyberspace Defense Analysts (3)
Weapon systems named on the slide:
• CYBERSPACE DEFENSE ANALYSIS
• CYBERSPACE VULNERABILITY ASSESSMENT / HUNTER
• AIR FORCE CYBERSPACE DEFENSE
• CYBER COMMAND AND CONTROL MISSION SYSTEM
• CYBERSPACE SECURITY AND CONTROL SYSTEM
• AIR FORCE INTRANET CONTROL
Cyberspace Weapon Systems
Use Cases and Mission Threads
~48 Use Cases & Mission Threads:
• Process Models
• Sequence Diagrams
• Data Models
• Roles & Responsibilities
[Figure panels: Manage Change Activity Model; Approve Change Sequence Diagram; Configuration Management Data Model.]
Operator Involvement Critical for Accurate/Current Mission Threads
Cyberspace Weapon System
Data Flow Matrix
[Figure: data flow matrix. Labels: NR KPPs, Use Case, CCIR, JS/J6 Focus, DTIC Test Plan, Performance, System Function.]
Architecture Provides Key Input To Testing Criteria
How We Do It
System Nodes w/ System Function Overlay
Where are the Policy Enforcement Points? Who Controls Them? With What?
Where Is It?
AFNIC Architecture Home Page
https://cs2.eis.af.mil/sites/10344/arch-eng/afnet/default.aspx
~1,500 REGISTERED USERS
DoDAF-compliant Architectures for:
• Cyberspace Superiority 2012, 2016, 2024
• Defensive Cyber Ops
• Six (6) Cyberspace Weapons Systems
• Enterprise IT Service Management
• Knowledge Operations
• AF Network (AFNet)
• SIPR Modernization (AFNet-S)
• Cyber Range
• ISR Information
• JIE Joint Regional Security Stacks
• JIE Installation Services Nodes
• 50+ UML Cyber Ops Use Cases
Requirements Traceability:
• Joint Capabilities Areas
• DoD Information Environment Arch
• Joint Common System Functions
Questions?
Your Brain on Architectures