(Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\...

$: (Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\ 7UDQVIRUPDWLRQ :LWK WKH :DUVDZ 6XPPLW V GHFODUDWLRQ 1$72 UHFRJQL]HG F\EHUVSDFHDVDGRPDLQRIRSHUDWLRQVLQZKLFK1$72PXVWGHIHQG$
ACT – Leading NATO Military Transformation

Supreme Allied Commander Transformation

NATO Cyberspace OperationsBrief to Maritime Security Regimes

Round Table

Norfolk VA, 30 April to 1 May 2019

Dr. Alberto DOMINGO

NATO UNCLASSIFIEDCAPDEV / CAP / Cyber

NATO UNCLASSIFIEDACT – Leading NATO

Military Transformation

• With the 2016 Warsaw Summit’s declaration, NATO recognizedcyberspace as a domain of operations in which NATO must defenditself as effectively as it does in air, on land and at sea.

• The ability to protect and to conduct operations in and through thecyberspace became a prerequisite to safeguard the Alliance’s freedomof action and decision in all other domains of operation.

• NATO needs to move from CIS security and cyber defense into theability to conduct operations in and through cyberspace.

Cyber-Background

NATO maritime community, mostly NFS, should be aware and participate in NATO efforts to develop the cyberspace domain of operations, as it is a logical

stakeholder (both provider and consumer) of cyberspace capabilities.



• Don’t expect isolated cyber attacks, but rather a persistentcombination of:

A hybrid threat model

• Cyber effects:– Denial of Service

– Data exfiltration

– Insider attacks

– Data corruption

– Masquerading

– Cyber effects

• Combined with:– Public opinion development

• Fact fighting

• Fake news and fact fighting

• Sentiment manipulation

– Attention deviation

– Triggered social unrest and demonstrations

– Delivery of kinetic effects



Vision & Strategy

VISIONThe Alliance is able to defend itself in cyberspace as effectively as in Air, Land or Sea

The Alliance has integrated cyberspace into its coordinated, corss-domain aproach, ensuring all joint operational effects support its core tasksand support NATO’s broader deterrence and defence posture

PROTECT & DEFEND ALLIANCE CYBERSPACE

MAINTAIN CYBERSPACE CAPABILITIES REQUIRED TO

SUPPORT NATOS’s TASKS

ENSURE CYBERSPACE AS A DOMAIN OF OPERATIONS

SUPPORTS NATO’s BROADER DETERRENCE AND DEFENCE

INTEGRATE CYBERSPACE INTO ALL ASPECTS OF JOINT OPERATIONS

FOSTER UNITY OF EFFORT THROUGH EFFECTIVE

RELATIONSHIPS (GOV, ACADEMY, INDUSTRY) W

AYS

OPE

RATI

ON

AL P

ROCE

SSES

IND

UST

RY &

ACA

DEM

IA C

OLA

BORA

TIO

N

CIVI

L –

MIL

ITAR

Y CO

OPE

RATI

ON

INFO

RMAT

ION

& IN

TELL

IGEN

CE S

HA

RIN

G

LIN

KAG

ES W

ITH

NFS

AN

D N

ATIO

NAL

CYB

ER D

EFEN

CE

ORG

ANIT

ATI

ON

S

ADVA

NCE

PLA

NN

ING

AN

D C

RISI

S RE

SPO

NSE

SOVE

REIG

N C

YBER

EFF

ECTS

PRO

VID

ED B

Y AL

LIES

IN A

OM

AALI

ED JO

INT

DO

CTRI

NE

INTE

RNAT

ION

AL L

AW

MIS

SIO

N A

SSU

RAN

CE

INTE

ROPE

RABI

LITY

MIL

ITA

RY S

TRU

CTU

RES

PERS

ON

NEL

SYST

EMS

MEA

NS

AD

VAN

CED

PER

SIST

ENT

CYBE

RSPA

CE D

EFEN

CE

RESI

LIEN

CE

STAF

F &

ORG

AN

IZAT

ION

CYBE

RSPA

CE S

ITU

ATIO

NA

L AW

AREN

ESS

STRO

NG

FED

ERAT

ION

& C

OLL

ECTI

VE D

EFEN

CE

CIS

SECU

RITY

& A

DVA

NCE

D C

YBER

DEF

ENCE

TEC

HN

ICAL

MEA

SURE

S

RESI

LIEN

CE

PERS

ISTE

NT

CYBE

RSPA

CE D

EFEN

CE

ABIL

ITY

TO R

ESPO

ND

AN

D S

TRAT

COM

NATO MISION VISION AND STRATEGY ON CYBERSPACE AS A DOMAIN OF OPERATIONS

* Extracted from Military Vision And Strategy on Cyberspace as a Domain of Operations. MC 0665, February 2018.



Functional Analysis

* Extracted from Cyberspace Operations Functional Analysis, 6000/TSC FCR 0200/TT-180201 /Ser:NU0269, April 2018



Prevent Attacks



Defend Against Attacks



Recover from Attacks



Situational Awareness



SA in the C2 process

* Extracted from [JTFHQ SOP 231, 2015], The COP supporting the decision making process



Situational Awareness

* Extracted rom FMN Spiral 3 Procedural Instructions for Situational Awareness



What makes Cyber SA?• Technical-level relevant data:

– Cyber Threat Intelligence

– Open Source Intelligence (OSINT)

– Cyber Threat Assessments

– Cyber Incident Analysis

– CIS Security Services Generic Vulnerabilities

– Indicators of Compromise (IOCs) for Malware Detection

– Best Practices

– Malware Analysis

– Forensics/Incident Analysis Results and Cyber Actions










– Best Practices



• Operational-level relevant data:– List of Potential National Voluntarily

cyber effects– Revised operational cyber effects list– Intel on adversary cyber capabilities

and CIS vulnerabilities– Political constraints list – Operational constraints list– Cyber Rules of Engagement (RoE)– C2 arrangements of National

Voluntarily effects orchestrating – Cyber effects request – Cyber effects offer – Cyber dynamic risk assessment










– Best Practices



• Operational-level relevant data:– List of Potential National Voluntarily

cyber effects– Revised operational cyber effects list– Intel on adversary cyber capabilities

and CIS vulnerabilities– Political constraints list – Operational constraints list– Cyber Rules of Engagement (RoE)– C2 arrangements of National

Voluntarily effects orchestrating – Cyber effects request – Cyber effects offer – Cyber dynamic risk assessment

• Strategic-level relevant data:– Status of mission essential

assets

– Initial recognition of players in the cyber operations environment

– Information for intelligence, surveillance, and reconnaissance process

– Information for joint SA



Federated cyber SA concept

• More than the RCyberP, COP

• Intelligence heavy

• CIS heavy, but not dominated by CIS

• Reliant on Information sharing (nations, partners, industry,civilian organizations)

• Requires development of interoperability standards

• Process-based, tool-development should not be the maineffort

• Able to integrate considerations of nationally provided cybereffects



Domain contributions

• Network Awareness:– Regional/functional cyberspace information

– Status of Blue cyberspace

– Cyber sensor output

– Correlated events/incidents

– Service management and control information (RCISP)

• Mission Awareness:– Risk assessment

– Damage assessment

– Support to Commander’s decision-making

– Voluntary sovereign cyberspace effects information

• Threat Awareness:– TBD. Work in progress



Cyber information sharing

* Extracted from Implications of Federating Cyberspace Operations. 6000/TSC FCR 0120-TT-180244/Ser:NU0233. April 2018.



Cyber information sharing



NATO Challenges

• Political level of ambition

• Operations in alliance/coalition/federation:– Federation / Partner Involvement– Information Sharing (Trust)– Interoperability

• Outdated Policy

• Backlog in Warfare Development

• Practical Details on Collaboration with Nations and Civil/Military cooperation

ACT – Leading NATO Military Transformation

Supreme Allied Commander Transformation

NATO Cyberspace OperationsBrief to Maritime Security Regimes

Round Table

Norfolk VA, 30 April to 1 May 2019

Dr. Alberto DOMINGO

NATO UNCLASSIFIEDCAPDEV / CAP / Cyber

(Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\...

Documents

Transcript of (Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\...