How to Strengthen Cyber Defence Competencies and Skills across EU-led Deployed Operations

Specific

Military

Capabilities &

Technology

Operational

Excellence

for CSDP

Political &

Strategic

Framework

Dual-Use

Civil-Military

Cooperation

Baltic Defence College 4th Cyber Security Training Conference Riga, 25-26 October 2016

Wolfgang Roehrig EDA Programme Manager Cyber Defence

Wolfgang.Roehrig@eda.europa.eu +32 (0)2 504 2966

www.eda.europa.eu 2

Talking Points

EDA and Cyber Defence

Strategic Background

The EU Cyber Security Strategy;

The EU Cyber Defence Policy Framework and ist Implementation;

The Cyber Defence Aspects of the Capability Development Plan.

The Value of Architectures for planning Cyber Defence for EU-led

Operations

The Human Factor

Required Cyber Defence Competencies and Skills of deployed personnel;

On the Road to a Cyber Defence competent workforce for EU-led Operations:

Follow-ups of the EDA Cyber Defence TNA.

Conclusions-Discussion Points

www.eda.europa.eu 3

Facts & Figures

27 Member States (all EU members except Denmark)

& Administrative Arrangements

with Norway, Serbia, Switzerland

and Ukraine)

Operational budget 2015

30,5 Mio

Number and value of ad-hoc

projects 2015:

22 projects / 70 Mio

Value R&T projects 2004-2016 run

within EDA: €1 billion

Only Agency whose Steering Board meets at ministerial level

Established

2004

Based in

BRUSSELS

140 staff connected with

2,500 experts in

Member States EDA Chief

Executive

Jorge

DOMECQ

www.eda.europa.eu 4

Mission

… to support

the Council and the Member

States in their effort to improve

the European Union’s defence

capabilities for the Common

Security and Defence Policy.*

* Treaty of Lisbon, signed in 2007,

entered into force in 2009

… so we do on Cyber Defence!

www.eda.europa.eu 5

Organisation

DEPUTY CHIEF

EXECUTIVE

CHIEF

EXECUTIVE

Strategy & Policy

Media & Communication

Audit

Corporate Service Directorate

European Synergies and

Innovation - ESI

Capability, Armament &

Technology - CAT

Cooperation Planning &

Support - CPS

Innovative Research

Energy & Environment

Information Superiority

Maritime

RPAS

AAR/Airlift

Cyber Defence

SatCom

Cooperation Planning

Helicopter Training

Military Airworthiness,

Standardisation & Certification

Operations Support

Education, Training & Exercises

Industry Strategy and

wider EU Policies

Space

• Human Resources

• Finance

• Procurement & Contracting

• Information Technology

• Security & Infrastructure

• Legal Advisor

• Wider EU Policies

• Industry Relations and

Support

• Strategic Foresight

Preparatory Action

Single European Sky/SESAR

Maritime

Land & Logistics

Air

www.eda.europa.eu 6

Cyber Security Strategy for the European Union: -An open, safe and secure Cyberspace-

STRATEGIC PRIORITIES AND ACTIONS 1. Achieving cyber resilience

2. Drastically reducing cybercrime

3. Developing Cyber Defence capabilities in the framework of

Common Security and Defence Policy (CSDP)

4. Developing the industrial and technological resources for

cybersecurity

5. Establishing a coherent international cyberspace policy for the

European Union and promote EU fundamental rights and core

values

www.eda.europa.eu 7

THE KEY MILITARY ASPECTS

“Cyber security efforts in the EU also involve the cyber defence

dimension.”

Assess operational EU cyber defence requirements and promote the

development of EU cyber defence capabilities and technologies to

address all aspects of capability development;

Develop the EU cyber defence policy framework to protect networks

within CSDP missions and operations;

Promote civil-military dialogue in the EU and contribute to the

coordination between all actors at EU level;

Ensure dialogue with international partners, including NATO, other

international organisations and multinational Centres of Excellence.

Cyber Security Strategy for the European Union: -An open, safe and secure Cyberspace-

www.eda.europa.eu 8

EU Cyber Defence Strategic Priority Areas 1. Supporting the development of Member States cyber defence capabilities

related to CSDP;

7 concrete actions (MS, EDA, EEAS).

2. Enhancing the protection of CSDP communication networks used by EU entities;

6 concrete actions (EEAS).

3. Promotion of civil-military cooperation and synergies with wider EU cyber policies, relevant EU institutions and agencies as well as with the private sector;

4 concrete actions on civ-mil cooperation (EDA, ENISA, EC3, MS and other);

6 concrete actions on research and technology in cooperation with the private sector and academia (EDA, Commission, MS and other).

4. Raising awareness through improved training, education and exercise opportunities for the Member States;

8 concrete actions on education & training (EEAS, EDA, ESDC and MS);

4 concrete actions on exercises (EEAS and MS).

5. Cooperate with relevant international partners, notably with NATO, as appropriate.”

8 concrete actions (EEAS, EDA and MS).

www.eda.europa.eu 9

Cyber Defence Key Elements

9

People

Processes

Cyber

Security

Technology

Successful

Cyber

Defence

www.eda.europa.eu 10

New CDP tasking (CDP 2014 Revision)

COMBATTING CYBER THREATS

• Building a skilled military Cyber Defence workforce:

- mainstreaming cyber defence training and exercises at EU level,

- supporting military in-house training and exercises, and training

provided by the private sector.

• Ensure the availability of pro- and reactive state-of-the-art Cyber

Defence Technology:

- in the area of awareness and decision making,

- for threat and attack detection, and response,

- including keeping track of new technological trends (Technology

Watch).

People

Cyber

Defence

Technology

Business

as Usual

Use Case

(based on a

S&R

operation)

Use Case

(based on a

SoPBF

operation)

CD Capability

Catalogue

• EUMS CD CONCEPT

• CSDP CD

requirements

• …

CD Enterprise

Architecture

DOTMPLF-I

Gaps and

overlaps

DLoDs

High level approach

Use Cases:

www.eda.europa.eu 12

Important cyber defence factors for each phase of an operation

• CD operation

planning Process

• CD Threat & Risk

Analysis

• (Physically)

Commissioning /

Deploying the CD

system

• CD system

Accreditation

• Prevention and

Protection

• Detection and

Reaction

Returning to BaU

state and

Redeployment

Permanent

CD

operations

www.eda.europa.eu 13

Organizational Design - Resilient Cyber Defence Units

Capability

to monitor

system´s

performance

Capability

to anticipate

threats and

possible

solutions

•Values, guidelines and standards •Objectives

Doctrines and

Policy

• Capabilities

• Organizational structure

• Work design

• Processes and Procedures

Organization

• Pre-deployment

• Teaming

• LI/LL

Training

• Classification

• “Communities of practice”

• Tools

Infra-structure

• “Chain of command”

• Knowledge Management

• Security Culture

Management & Leadership

• Pool of experts

• Pre-deployment Training

• Job Descriptions

Human Resources

Peacetime /

Planning Deployment Execution Transition

Resiliency

www.eda.europa.eu 14

Training Needs Analysis (TNA) Methodology

www.eda.europa.eu 15

Overall Target Audience Boundaries

Military and civilian personnel in the EU

Institutions and pMS Defence organisations who:

• Engage in policy, strategy, concept and

capability development for;

• Implement and support;

• Are held at readiness for, and/or;

• Are committed to:

… CSDP military Crisis Management Operations

and engage with Cyber Defence.

www.eda.europa.eu 16

Cyber Ranges Training & Exercise Target Audience

Expert Level

Insight Level

Awareness Level

www.eda.europa.eu 17

Target audience relationships (Career Models)

CSDP

Senior

Decision

Makers

CSDP C4 Practitioners

CSDP CD Specialists

Entry

Entry

Promotion

Promotion

Cross-

Postings

CSDP ICT Users Entry

www.eda.europa.eu 18

Hierarchical Task Analysis (HTA) and Task Groupings

www.eda.europa.eu 19

Cognitive Taxonomy (Bloom)

Understand

(Exhibit a sound

understanding of

previously learned

material by recalling

appropriate facts, terms

and concepts)

Apply

(Effectively apply an

understanding of

appropriate facts, terms

and concepts in both

familiar and new

situations)

Analyse

(Categorise information,

identify motives, discern

causality, make

inferences and find

evidence with which to

address hypotheses)

Evaluate

(Express and justify opinions

by making sound judgments

about the utility of

information, the validity of

ideas or the quality of work,

based on an appropriate set

of criteria)

www.eda.europa.eu 20

Competencies and Skills Framework Snapshot

Grouping Task No Task

Description No

Sub-Task

Description No

Task Element

Description Priority Competence Descriptors

Hig

h / M

ed

ium

/ L

ow

Understan

d

(Exhibit a

sound

understand

ing of

previously

learned

material by

recalling

appropriate

facts,

terms and

concepts)

Apply

(Effectively

apply an

understandin

g of

appropriate

facts, terms

and concepts

in both

familiar and

new

situations)

Analyse

(Categorise

information,

identify

motives,

discern

causality,

make

inferences

and find

evidence

with which to

address

hypotheses)

Evaluate

(Express and

justify

opinions by

making

sound

judgments

about the

utility of

information,

the validity of

ideas or the

quality of

work, based

on an

appropriate

set of criteria)

1.0

- P

RE

PA

RE

(Un

de

rsta

nd

Cyb

er

ris

ks

an

d f

ram

e a

dvic

e,

po

lic

ies

, c

on

ce

pts

, s

trate

gie

s, d

oc

trin

e a

nd

pla

ns

ac

co

rdin

gly

)

Busine

ss as

Usual'

Directi

on and

Plannin

g

1.1

Shape,

develop and

implement

'Business as

Usual'

policies and

plans that

address

cyber risks

1.

1.

1

Provide

advice to

political

leaders

1.1.

1.1

Provide CD-informed

advice to political

leaders regarding

policy, strategy,

concept, doctrine

and/or capability

development for

CSDP Military CMO

H

Understan

d how CD-

informed

advice is

provided to

political

leaders

regarding

policy,

strategy,

concept,

doctrine

and/or

capability

developme

nt for

CSDP

Military

CMO

Contribute to

formulation

of CD-

informed

advice to

political

leaders

regarding

policy,

strategy,

concept,

doctrine

and/or

capability

development

for CSDP

Military CMO

Formulate

CD-informed

advice to

political

leaders

regarding

policy,

strategy,

concept,

doctrine

and/or

capability

development

for CSDP

Military CMO

Provide CD-

informed

advice to

political

leaders

regarding

policy,

strategy,

concept,

doctrine

and/or

capability

development

for CSDP

Military CMO

www.eda.europa.eu 21

Follow-up on the EDA Cyber Defence TNA

EDA Cyber

Defence Training

Needs Analysis EU Military Training

Working Group

Cyber Def Discipline

ESDC and ESDC

Network

EDA Cyber Defence

Training Needs

Analysis

Update (2017/18)

EDA

Cyber Defence

Course & Exercise

Development

www.eda.europa.eu 22

Infrastructures

in support of

Training

and Exercises

(Cyber Ranges)

Centralised

Coordination

for decentralised

Training and

Exercise Execution

(CD TEXP)

Building a

Military Cyber

Defence

Workforce

Means to build Cyber Defence Competencies and Skills

Academic

Education

Military Inhouse

Education, Training

and Exercises

(National/

Multinational)

Private Sector

provided Training

and support for

Exercises

Joint Training and

Exercises with

other governmental

sectors

(National/

Multinational)

DePoCyTE

Demand Pooling of pMS Demand for Private Sector

Cyber Defence Training & Exercise Support (DePoCyTE)

Building Operational Excellence

www.eda.europa.eu 24

All users module (web facing information portal)

Public publishing

Public Course

calendar

Registration for users

User access page

Standard and back office users modules

Personalised Desktops

Training Courses Coordination and

Management

Exercises Coordination and

Management

Back office modules

Training Courses

Execution Support

Exercises Execution Support

Training Courses Design

and Develop

ment

Exercises Design

and Develop

ment

Training Courses

and Exercises Resource

Mgmt

Mgmt of Cyber

Ranges Federation

Internet

Any Internet user

Course Students

Exercise Participants

Course/Exercise Planers/Managers

Course Instructors

Course/Exercise Developers/

Designer

Cyber Ranges Manager/ Demander

Publishing/Transfer

Publishing/Transfer

Envisaged to be

available and

operational 1 Oct 2017

CD TEXP

www.eda.europa.eu 25

Conclusion –Discussion Points

• A lot has moved since 2011 (PT establishment) and 2013 (EU Cyber Security

Strategy);

• Cooperation is crucial to fight comprehensive/hybrid threats;

• Competencies and Skills Framework based structured Approach in NATO and

EU to assess ETEE requirements;

• Plenty of Cyber Defence ETEE Projects are ongoing;

• Cyber Defence ETEE part of the Warsaw Summit NATO-EU Joint Declaration;

• However, still some fragmentation;

• Work is ongoing to improve NATO-EU coordination on Cyber Defence ETEE;

• Cooperation with the civil side (NIS, Cybercrime) has high potential as the

military has competencies and skills “overlaps” with both communities.

www.eda.europa.eu 26

www.eda.europa.eu 27

Commander’s key questions related to Cyber

1. How do regional and global actors with interests in the deployment region make use of the cyber

domain (what are their offensive cyber capabilities, and what are their motivations and thresholds

to employ offensive cyber capabilities)?

2. How can strategic cyber threats and cyber factors affect the operation?

3. Which options help to reduce undesirable consequences of cyber activities?

4. What is the applicable legal framework (e.g. Law of Armed Conflict) and which authorization (e.g.

Rules of Engagement) and escalation processes are/have to be in place?

5. How do cyber factors affect own courses of action?

6. When and where are cyber-assets critical for success, what are their vulnerabilities and how can

the risk that these vulnerabilities will be exploited be mitigated?

7. Which cyber defence considerations should be de-conflicted and coordinated with other

considerations?

8. Which cyber defence activities should be synchronized with activities in other domains?

9. Who are relevant internal and external partners that can support in case of large scale incidents

(e.g. CERT-EU, national CERTs, contracted service provider)?

10. Who should have the authority to release cyber defence related information to external partners?

11. What are the best mechanisms for optimal cyber information-sharing with external partners?

12. How should own cyber defence be organized (structure, manning, processes, disposition,

equipment, training)?