How to Strengthen Cyber Defence Competencies and Skills … · The Cyber Defence Aspects of the...
Transcript of How to Strengthen Cyber Defence Competencies and Skills … · The Cyber Defence Aspects of the...
How to Strengthen Cyber Defence Competencies and Skills across EU-led Deployed Operations
Specific
Military
Capabilities &
Technology
Operational
Excellence
for CSDP
Political &
Strategic
Framework
Dual-Use
Civil-Military
Cooperation
Baltic Defence College 4th Cyber Security Training Conference Riga, 25-26 October 2016
Wolfgang Roehrig EDA Programme Manager Cyber Defence
[email protected] +32 (0)2 504 2966
www.eda.europa.eu 2
Talking Points
EDA and Cyber Defence
Strategic Background
The EU Cyber Security Strategy;
The EU Cyber Defence Policy Framework and ist Implementation;
The Cyber Defence Aspects of the Capability Development Plan.
The Value of Architectures for planning Cyber Defence for EU-led
Operations
The Human Factor
Required Cyber Defence Competencies and Skills of deployed personnel;
On the Road to a Cyber Defence competent workforce for EU-led Operations:
Follow-ups of the EDA Cyber Defence TNA.
Conclusions-Discussion Points
www.eda.europa.eu 3
Facts & Figures
27 Member States (all EU members except Denmark)
& Administrative Arrangements
with Norway, Serbia, Switzerland
and Ukraine)
Operational budget 2015
30,5 Mio
Number and value of ad-hoc
projects 2015:
22 projects / 70 Mio
Value R&T projects 2004-2016 run
within EDA: €1 billion
Only Agency whose Steering Board meets at ministerial level
Established
2004
Based in
BRUSSELS
140 staff connected with
2,500 experts in
Member States EDA Chief
Executive
Jorge
DOMECQ
www.eda.europa.eu 4
Mission
… to support
the Council and the Member
States in their effort to improve
the European Union’s defence
capabilities for the Common
Security and Defence Policy.*
* Treaty of Lisbon, signed in 2007,
entered into force in 2009
… so we do on Cyber Defence!
www.eda.europa.eu 5
Organisation
DEPUTY CHIEF
EXECUTIVE
CHIEF
EXECUTIVE
Strategy & Policy
Media & Communication
Audit
Corporate Service Directorate
European Synergies and
Innovation - ESI
Capability, Armament &
Technology - CAT
Cooperation Planning &
Support - CPS
Innovative Research
Energy & Environment
Information Superiority
Maritime
RPAS
AAR/Airlift
Cyber Defence
SatCom
Cooperation Planning
Helicopter Training
Military Airworthiness,
Standardisation & Certification
Operations Support
Education, Training & Exercises
Industry Strategy and
wider EU Policies
Space
• Human Resources
• Finance
• Procurement & Contracting
• Information Technology
• Security & Infrastructure
• Legal Advisor
• Wider EU Policies
• Industry Relations and
Support
• Strategic Foresight
Preparatory Action
Single European Sky/SESAR
Maritime
Land & Logistics
Air
www.eda.europa.eu 6
Cyber Security Strategy for the European Union: -An open, safe and secure Cyberspace-
STRATEGIC PRIORITIES AND ACTIONS 1. Achieving cyber resilience
2. Drastically reducing cybercrime
3. Developing Cyber Defence capabilities in the framework of
Common Security and Defence Policy (CSDP)
4. Developing the industrial and technological resources for
cybersecurity
5. Establishing a coherent international cyberspace policy for the
European Union and promote EU fundamental rights and core
values
www.eda.europa.eu 7
THE KEY MILITARY ASPECTS
“Cyber security efforts in the EU also involve the cyber defence
dimension.”
Assess operational EU cyber defence requirements and promote the
development of EU cyber defence capabilities and technologies to
address all aspects of capability development;
Develop the EU cyber defence policy framework to protect networks
within CSDP missions and operations;
Promote civil-military dialogue in the EU and contribute to the
coordination between all actors at EU level;
Ensure dialogue with international partners, including NATO, other
international organisations and multinational Centres of Excellence.
Cyber Security Strategy for the European Union: -An open, safe and secure Cyberspace-
www.eda.europa.eu 8
EU Cyber Defence Strategic Priority Areas 1. Supporting the development of Member States cyber defence capabilities
related to CSDP;
7 concrete actions (MS, EDA, EEAS).
2. Enhancing the protection of CSDP communication networks used by EU entities;
6 concrete actions (EEAS).
3. Promotion of civil-military cooperation and synergies with wider EU cyber policies, relevant EU institutions and agencies as well as with the private sector;
4 concrete actions on civ-mil cooperation (EDA, ENISA, EC3, MS and other);
6 concrete actions on research and technology in cooperation with the private sector and academia (EDA, Commission, MS and other).
4. Raising awareness through improved training, education and exercise opportunities for the Member States;
8 concrete actions on education & training (EEAS, EDA, ESDC and MS);
4 concrete actions on exercises (EEAS and MS).
5. Cooperate with relevant international partners, notably with NATO, as appropriate.”
8 concrete actions (EEAS, EDA and MS).
www.eda.europa.eu 9
Cyber Defence Key Elements
9
People
Processes
Cyber
Security
Technology
Successful
Cyber
Defence
www.eda.europa.eu 10
New CDP tasking (CDP 2014 Revision)
COMBATTING CYBER THREATS
• Building a skilled military Cyber Defence workforce:
- mainstreaming cyber defence training and exercises at EU level,
- supporting military in-house training and exercises, and training
provided by the private sector.
• Ensure the availability of pro- and reactive state-of-the-art Cyber
Defence Technology:
- in the area of awareness and decision making,
- for threat and attack detection, and response,
- including keeping track of new technological trends (Technology
Watch).
People
Cyber
Defence
Technology
Business
as Usual
Use Case
(based on a
S&R
operation)
Use Case
(based on a
SoPBF
operation)
CD Capability
Catalogue
• EUMS CD CONCEPT
• CSDP CD
requirements
• …
CD Enterprise
Architecture
DOTMPLF-I
Gaps and
overlaps
DLoDs
High level approach
Use Cases:
www.eda.europa.eu 12
Important cyber defence factors for each phase of an operation
• CD operation
planning Process
• CD Threat & Risk
Analysis
• (Physically)
Commissioning /
Deploying the CD
system
• CD system
Accreditation
• Prevention and
Protection
• Detection and
Reaction
Returning to BaU
state and
Redeployment
Permanent
CD
operations
www.eda.europa.eu 13
Organizational Design - Resilient Cyber Defence Units
Capability
to monitor
system´s
performance
Capability
to anticipate
threats and
possible
solutions
•Values, guidelines and standards •Objectives
Doctrines and
Policy
• Capabilities
• Organizational structure
• Work design
• Processes and Procedures
Organization
• Pre-deployment
• Teaming
• LI/LL
Training
• Classification
• “Communities of practice”
• Tools
Infra-structure
• “Chain of command”
• Knowledge Management
• Security Culture
Management & Leadership
• Pool of experts
• Pre-deployment Training
• Job Descriptions
Human Resources
Peacetime /
Planning Deployment Execution Transition
Resiliency
www.eda.europa.eu 14
Training Needs Analysis (TNA) Methodology
www.eda.europa.eu 15
Overall Target Audience Boundaries
Military and civilian personnel in the EU
Institutions and pMS Defence organisations who:
• Engage in policy, strategy, concept and
capability development for;
• Implement and support;
• Are held at readiness for, and/or;
• Are committed to:
… CSDP military Crisis Management Operations
and engage with Cyber Defence.
www.eda.europa.eu 16
Cyber Ranges Training & Exercise Target Audience
Expert Level
Insight Level
Awareness Level
www.eda.europa.eu 17
Target audience relationships (Career Models)
CSDP
Senior
Decision
Makers
CSDP C4 Practitioners
CSDP CD Specialists
Entry
Entry
Promotion
Promotion
Cross-
Postings
CSDP ICT Users Entry
www.eda.europa.eu 18
Hierarchical Task Analysis (HTA) and Task Groupings
www.eda.europa.eu 19
Cognitive Taxonomy (Bloom)
Understand
(Exhibit a sound
understanding of
previously learned
material by recalling
appropriate facts, terms
and concepts)
Apply
(Effectively apply an
understanding of
appropriate facts, terms
and concepts in both
familiar and new
situations)
Analyse
(Categorise information,
identify motives, discern
causality, make
inferences and find
evidence with which to
address hypotheses)
Evaluate
(Express and justify opinions
by making sound judgments
about the utility of
information, the validity of
ideas or the quality of work,
based on an appropriate set
of criteria)
www.eda.europa.eu 20
Competencies and Skills Framework Snapshot
Grouping Task No Task
Description No
Sub-Task
Description No
Task Element
Description Priority Competence Descriptors
Hig
h / M
ed
ium
/ L
ow
Understan
d
(Exhibit a
sound
understand
ing of
previously
learned
material by
recalling
appropriate
facts,
terms and
concepts)
Apply
(Effectively
apply an
understandin
g of
appropriate
facts, terms
and concepts
in both
familiar and
new
situations)
Analyse
(Categorise
information,
identify
motives,
discern
causality,
make
inferences
and find
evidence
with which to
address
hypotheses)
Evaluate
(Express and
justify
opinions by
making
sound
judgments
about the
utility of
information,
the validity of
ideas or the
quality of
work, based
on an
appropriate
set of criteria)
1.0
- P
RE
PA
RE
(Un
de
rsta
nd
Cyb
er
ris
ks
an
d f
ram
e a
dvic
e,
po
lic
ies
, c
on
ce
pts
, s
trate
gie
s, d
oc
trin
e a
nd
pla
ns
ac
co
rdin
gly
)
Busine
ss as
Usual'
Directi
on and
Plannin
g
1.1
Shape,
develop and
implement
'Business as
Usual'
policies and
plans that
address
cyber risks
1.
1.
1
Provide
advice to
political
leaders
1.1.
1.1
Provide CD-informed
advice to political
leaders regarding
policy, strategy,
concept, doctrine
and/or capability
development for
CSDP Military CMO
H
Understan
d how CD-
informed
advice is
provided to
political
leaders
regarding
policy,
strategy,
concept,
doctrine
and/or
capability
developme
nt for
CSDP
Military
CMO
Contribute to
formulation
of CD-
informed
advice to
political
leaders
regarding
policy,
strategy,
concept,
doctrine
and/or
capability
development
for CSDP
Military CMO
Formulate
CD-informed
advice to
political
leaders
regarding
policy,
strategy,
concept,
doctrine
and/or
capability
development
for CSDP
Military CMO
Provide CD-
informed
advice to
political
leaders
regarding
policy,
strategy,
concept,
doctrine
and/or
capability
development
for CSDP
Military CMO
www.eda.europa.eu 21
Follow-up on the EDA Cyber Defence TNA
EDA Cyber
Defence Training
Needs Analysis EU Military Training
Working Group
Cyber Def Discipline
ESDC and ESDC
Network
EDA Cyber Defence
Training Needs
Analysis
Update (2017/18)
EDA
Cyber Defence
Course & Exercise
Development
www.eda.europa.eu 22
Infrastructures
in support of
Training
and Exercises
(Cyber Ranges)
Centralised
Coordination
for decentralised
Training and
Exercise Execution
(CD TEXP)
Building a
Military Cyber
Defence
Workforce
Means to build Cyber Defence Competencies and Skills
Academic
Education
Military Inhouse
Education, Training
and Exercises
(National/
Multinational)
Private Sector
provided Training
and support for
Exercises
Joint Training and
Exercises with
other governmental
sectors
(National/
Multinational)
DePoCyTE
Demand Pooling of pMS Demand for Private Sector
Cyber Defence Training & Exercise Support (DePoCyTE)
Building Operational Excellence
www.eda.europa.eu 24
All users module (web facing information portal)
Public publishing
Public Course
calendar
Registration for users
User access page
Standard and back office users modules
Personalised Desktops
Training Courses Coordination and
Management
Exercises Coordination and
Management
Back office modules
Training Courses
Execution Support
Exercises Execution Support
Training Courses Design
and Develop
ment
Exercises Design
and Develop
ment
Training Courses
and Exercises Resource
Mgmt
Mgmt of Cyber
Ranges Federation
Internet
Any Internet user
Course Students
Exercise Participants
Course/Exercise Planers/Managers
Course Instructors
Course/Exercise Developers/
Designer
Cyber Ranges Manager/ Demander
Publishing/Transfer
Publishing/Transfer
Envisaged to be
available and
operational 1 Oct 2017
CD TEXP
www.eda.europa.eu 25
Conclusion –Discussion Points
• A lot has moved since 2011 (PT establishment) and 2013 (EU Cyber Security
Strategy);
• Cooperation is crucial to fight comprehensive/hybrid threats;
• Competencies and Skills Framework based structured Approach in NATO and
EU to assess ETEE requirements;
• Plenty of Cyber Defence ETEE Projects are ongoing;
• Cyber Defence ETEE part of the Warsaw Summit NATO-EU Joint Declaration;
• However, still some fragmentation;
• Work is ongoing to improve NATO-EU coordination on Cyber Defence ETEE;
• Cooperation with the civil side (NIS, Cybercrime) has high potential as the
military has competencies and skills “overlaps” with both communities.
www.eda.europa.eu 26
www.eda.europa.eu 27
Commander’s key questions related to Cyber
1. How do regional and global actors with interests in the deployment region make use of the cyber
domain (what are their offensive cyber capabilities, and what are their motivations and thresholds
to employ offensive cyber capabilities)?
2. How can strategic cyber threats and cyber factors affect the operation?
3. Which options help to reduce undesirable consequences of cyber activities?
4. What is the applicable legal framework (e.g. Law of Armed Conflict) and which authorization (e.g.
Rules of Engagement) and escalation processes are/have to be in place?
5. How do cyber factors affect own courses of action?
6. When and where are cyber-assets critical for success, what are their vulnerabilities and how can
the risk that these vulnerabilities will be exploited be mitigated?
7. Which cyber defence considerations should be de-conflicted and coordinated with other
considerations?
8. Which cyber defence activities should be synchronized with activities in other domains?
9. Who are relevant internal and external partners that can support in case of large scale incidents
(e.g. CERT-EU, national CERTs, contracted service provider)?
10. Who should have the authority to release cyber defence related information to external partners?
11. What are the best mechanisms for optimal cyber information-sharing with external partners?
12. How should own cyber defence be organized (structure, manning, processes, disposition,
equipment, training)?