(Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\...
Transcript of (Domingo) 20190530 - BRIEF TO NMIOTC Cyber - …...1$72 81&/$66,),(' $&7 ±/HDGLQJ 1$72 0LOLWDU\...
ACT – Leading NATO Military Transformation
Supreme Allied Commander Transformation
NATO Cyberspace OperationsBrief to Maritime Security Regimes
Round Table
Norfolk VA, 30 April to 1 May 2019
Dr. Alberto DOMINGO
NATO UNCLASSIFIEDCAPDEV / CAP / Cyber
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
• With the 2016 Warsaw Summit’s declaration, NATO recognizedcyberspace as a domain of operations in which NATO must defenditself as effectively as it does in air, on land and at sea.
• The ability to protect and to conduct operations in and through thecyberspace became a prerequisite to safeguard the Alliance’s freedomof action and decision in all other domains of operation.
• NATO needs to move from CIS security and cyber defense into theability to conduct operations in and through cyberspace.
Cyber-Background
NATO maritime community, mostly NFS, should be aware and participate in NATO efforts to develop the cyberspace domain of operations, as it is a logical
stakeholder (both provider and consumer) of cyberspace capabilities.
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
• Don’t expect isolated cyber attacks, but rather a persistentcombination of:
A hybrid threat model
• Cyber effects:– Denial of Service
– Data exfiltration
– Insider attacks
– Data corruption
– Masquerading
– Cyber effects
• Combined with:– Public opinion development
• Fact fighting
• Fake news and fact fighting
• Sentiment manipulation
– Attention deviation
– Triggered social unrest and demonstrations
– Delivery of kinetic effects
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Vision & Strategy
VISIONThe Alliance is able to defend itself in cyberspace as effectively as in Air, Land or Sea
The Alliance has integrated cyberspace into its coordinated, corss-domain aproach, ensuring all joint operational effects support its core tasksand support NATO’s broader deterrence and defence posture
PROTECT & DEFEND ALLIANCE CYBERSPACE
MAINTAIN CYBERSPACE CAPABILITIES REQUIRED TO
SUPPORT NATOS’s TASKS
ENSURE CYBERSPACE AS A DOMAIN OF OPERATIONS
SUPPORTS NATO’s BROADER DETERRENCE AND DEFENCE
INTEGRATE CYBERSPACE INTO ALL ASPECTS OF JOINT OPERATIONS
FOSTER UNITY OF EFFORT THROUGH EFFECTIVE
RELATIONSHIPS (GOV, ACADEMY, INDUSTRY) W
AYS
OPE
RATI
ON
AL P
ROCE
SSES
IND
UST
RY &
ACA
DEM
IA C
OLA
BORA
TIO
N
CIVI
L –
MIL
ITAR
Y CO
OPE
RATI
ON
INFO
RMAT
ION
& IN
TELL
IGEN
CE S
HA
RIN
G
LIN
KAG
ES W
ITH
NFS
AN
D N
ATIO
NAL
CYB
ER D
EFEN
CE
ORG
ANIT
ATI
ON
S
ADVA
NCE
PLA
NN
ING
AN
D C
RISI
S RE
SPO
NSE
SOVE
REIG
N C
YBER
EFF
ECTS
PRO
VID
ED B
Y AL
LIES
IN A
OM
AALI
ED JO
INT
DO
CTRI
NE
INTE
RNAT
ION
AL L
AW
MIS
SIO
N A
SSU
RAN
CE
INTE
ROPE
RABI
LITY
MIL
ITA
RY S
TRU
CTU
RES
PERS
ON
NEL
SYST
EMS
MEA
NS
AD
VAN
CED
PER
SIST
ENT
CYBE
RSPA
CE D
EFEN
CE
RESI
LIEN
CE
STAF
F &
ORG
AN
IZAT
ION
CYBE
RSPA
CE S
ITU
ATIO
NA
L AW
AREN
ESS
STRO
NG
FED
ERAT
ION
& C
OLL
ECTI
VE D
EFEN
CE
CIS
SECU
RITY
& A
DVA
NCE
D C
YBER
DEF
ENCE
TEC
HN
ICAL
MEA
SURE
S
RESI
LIEN
CE
PERS
ISTE
NT
CYBE
RSPA
CE D
EFEN
CE
ABIL
ITY
TO R
ESPO
ND
AN
D S
TRAT
COM
NATO MISION VISION AND STRATEGY ON CYBERSPACE AS A DOMAIN OF OPERATIONS
* Extracted from Military Vision And Strategy on Cyberspace as a Domain of Operations. MC 0665, February 2018.
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Functional Analysis
* Extracted from Cyberspace Operations Functional Analysis, 6000/TSC FCR 0200/TT-180201 /Ser:NU0269, April 2018
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Prevent Attacks
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Defend Against Attacks
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Recover from Attacks
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Situational Awareness
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
SA in the C2 process
* Extracted from [JTFHQ SOP 231, 2015], The COP supporting the decision making process
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Situational Awareness
* Extracted rom FMN Spiral 3 Procedural Instructions for Situational Awareness
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
What makes Cyber SA?• Technical-level relevant data:
– Cyber Threat Intelligence
– Open Source Intelligence (OSINT)
– Cyber Threat Assessments
– Cyber Incident Analysis
– CIS Security Services Generic Vulnerabilities
– Indicators of Compromise (IOCs) for Malware Detection
– Best Practices
– Malware Analysis
– Forensics/Incident Analysis Results and Cyber Actions
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
What makes Cyber SA?• Technical-level relevant data:
– Cyber Threat Intelligence
– Open Source Intelligence (OSINT)
– Cyber Threat Assessments
– Cyber Incident Analysis
– CIS Security Services Generic Vulnerabilities
– Indicators of Compromise (IOCs) for Malware Detection
– Best Practices
– Malware Analysis
– Forensics/Incident Analysis Results and Cyber Actions
• Operational-level relevant data:– List of Potential National Voluntarily
cyber effects– Revised operational cyber effects list– Intel on adversary cyber capabilities
and CIS vulnerabilities– Political constraints list – Operational constraints list– Cyber Rules of Engagement (RoE)– C2 arrangements of National
Voluntarily effects orchestrating – Cyber effects request – Cyber effects offer – Cyber dynamic risk assessment
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
What makes Cyber SA?• Technical-level relevant data:
– Cyber Threat Intelligence
– Open Source Intelligence (OSINT)
– Cyber Threat Assessments
– Cyber Incident Analysis
– CIS Security Services Generic Vulnerabilities
– Indicators of Compromise (IOCs) for Malware Detection
– Best Practices
– Malware Analysis
– Forensics/Incident Analysis Results and Cyber Actions
• Operational-level relevant data:– List of Potential National Voluntarily
cyber effects– Revised operational cyber effects list– Intel on adversary cyber capabilities
and CIS vulnerabilities– Political constraints list – Operational constraints list– Cyber Rules of Engagement (RoE)– C2 arrangements of National
Voluntarily effects orchestrating – Cyber effects request – Cyber effects offer – Cyber dynamic risk assessment
• Strategic-level relevant data:– Status of mission essential
assets
– Initial recognition of players in the cyber operations environment
– Information for intelligence, surveillance, and reconnaissance process
– Information for joint SA
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Federated cyber SA concept
• More than the RCyberP, COP
• Intelligence heavy
• CIS heavy, but not dominated by CIS
• Reliant on Information sharing (nations, partners, industry,civilian organizations)
• Requires development of interoperability standards
• Process-based, tool-development should not be the maineffort
• Able to integrate considerations of nationally provided cybereffects
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Domain contributions
• Network Awareness:– Regional/functional cyberspace information
– Status of Blue cyberspace
– Cyber sensor output
– Correlated events/incidents
– Service management and control information (RCISP)
• Mission Awareness:– Risk assessment
– Damage assessment
– Support to Commander’s decision-making
– Voluntary sovereign cyberspace effects information
• Threat Awareness:– TBD. Work in progress
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Cyber information sharing
* Extracted from Implications of Federating Cyberspace Operations. 6000/TSC FCR 0120-TT-180244/Ser:NU0233. April 2018.
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
Cyber information sharing
NATO UNCLASSIFIEDACT – Leading NATO
Military Transformation
NATO Challenges
• Political level of ambition
• Operations in alliance/coalition/federation:– Federation / Partner Involvement– Information Sharing (Trust)– Interoperability
• Outdated Policy
• Backlog in Warfare Development
• Practical Details on Collaboration with Nations and Civil/Military cooperation
ACT – Leading NATO Military Transformation
Supreme Allied Commander Transformation
NATO Cyberspace OperationsBrief to Maritime Security Regimes
Round Table
Norfolk VA, 30 April to 1 May 2019
Dr. Alberto DOMINGO
NATO UNCLASSIFIEDCAPDEV / CAP / Cyber