The Integrated Threat Force (ITF) A Full Spectrum Advanced Persistent Threat for...
© 2012 General Dynamics.
The Integrated Threat Force (ITF) – A Full Spectrum Advanced Persistent Threat for Operational Tests
ITEA Advanced Persistent Threat Conference 28 November 2012
Steve Woffinden, General Dynamics C4 Systems
Sys Eng – Tech Staff, ITF Project
Office: (480) 777-1718
ITEA Advanced Persistent Threat Context
Cyber warfare is no longer something we'll have to worry about in the future. The Stuxnet virus, which targeted and damaged Iranian nuclear infrastructure, showed that internet warfare is happening now. The cost of securing U.S. infrastructure against our enemies will cost billions of dollars.
U.S. Secretary of Defense Leon Panetta warned that the United States could be paralyzed by cyber warfare if it is not prepared. "The reality is that there is the cyber capability to basically bring down our power grid to create ... to paralyze our financial system in this country to virtually paralyze our country," he told reporter Scott Pelley of CBS Evening News. "And I think we have to be prepared not only to defend against that kind of attack but if necessary we are going to have to be prepared to be able to be aggressive when it comes to cyber efforts as well. We've got to develop the technology, the capability we've got to be able to defend this country."
Maybe the most alarming part of cyber warfare is that it doesn't take an organized effort or millions of dollars to implement a devastating attack. A creative devious mind with access to a computer is all that it takes.
ITEA Advanced Persistent Threat Theme:
This presentation will show that the ITF provides the opposing force perspective necessary to evaluate the integration of cyber, information interoperability, and C2!
ITF Presentation Abstract
Discussions about, and definitions used for, the Advanced Persistent Threat usually include only the context of a cyber threat to Information Security and not the full spectrum of threat persistent behaviors. It is noteworthy that Joint Publication 1-02: ... does include “Persistent Surveillance” and “Estimative Intelligence”, which are relevant to this topic.
This presentation proposes definitions for Advanced Persistent Threat in the context of Operational Testing and presents how the Threat Systems Management Office’s (TSMO) existing Integrated Threat Force (ITF) Program brings a scalable, adaptive, full-spectrum advanced persistent threat capability, to include cyber threats, to the operational test community. …
The ITF Initial Operating Capability (IOC) was delivered in December 2010 and has been deployed to support OT events in 2011 and 2012. The ITF is a capability with defined threat representations for high, medium, low and hybrid threats. The ITF also addresses the current Information Operations (IO) environment with threat Computer Network Operations (CNO) and Electronic Warfare (EW) systems integrated into the ITF tactical C4 capabilities. This allows the ITF to represent any set of estimative intelligence that test authorities want to define for the threat, as well as to incorporate cyber events on the “Road To War” as well as during operational execution, which then will define the context for the operational test vignettes. This allows the threat’s persistent behaviors to extend across the definition of start conditions through execution of the tactical vignettes. …
What is the difference between stand-alone “persistent” cyber events versus a coordinated attack from a threat using cyber in combination with persistent surveillance?
persistent surveillance — A collection strategy that emphasizes the ability of some collection systems to linger on demand in an area to detect, locate, characterize, identify, track, target, and possibly provide battle damage assessment and retargeting in near or real-time. Persistent surveillance facilitates the prediction of an adversary’s behavior and the formulation and execution of preemptive activities to deter or forestall anticipated adversary courses of action. See also surveillance. (JP 2-0)
estimative intelligence — Intelligence that identifies, describes, and forecasts adversary capabilities and the implications for planning and executing military operations. (JP 2-0)
Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms
8 November 2010 (As Amended Through 15 August 2012)
Relevant Joint Definitions
Neither “Advanced Persistent Threat” nor “Persistent Threat” has an agreed definition in the current version of Joint Pub 1-02: DoD Dictionary.
Advanced Persistent Threat for Operational Test — The representation of threats, to include Command and Control, traditional battlefield functions, and Information Operations, for use in the Operational Test and Evaluation of Systems which accounts for the accumulated knowledge available to the threat force, as well as the context gained during the “Road to War” leading to the test event. The Threat’s persistent surveillance assets provide the basis for intelligence collection as well as offensive operations against the system under test, including the play of CNO, EW, and other sensors (ISR and Human). This allows the threat commander to synchronize cross-functional tactics, techniques and procedures to accomplish the threat’s strategic goals and tactical missions.
It is proposed that, for Operational Testing, Advanced Persistent Threat can be defined as follows:
Advanced Persistent Threat Definition
A threat with persistent surveillance capabilities, to include persistent cyber, and the ability to bring a coordinated approach to achieving its strategic, operational and tactical objectives is a threat indeed!!
Integrated Threat Force (The Army’s Answer to Threat)
Communicating Persistent Surveillance in the ITF
Operational Test Example: ITF C2 Capability Integrated with Threat Assets
[Slide diagram; only the labels are recoverable: CNO (Wired x1, Wireless x1); EA x2 (Comms jammers low/medium/high, x1 each); ES x3 (SIGINT/DF); THQ (-), CPV1, CPV2, TCV1, TCV2; DSMT elements (18 DSMT, 30 DSMT); RPG-7, SA-7/18 and sniper teams; NESTS, NETT, CICADA, TIEW-E, TSIJ; Constructive and Virtual elements.]
ITF: Multi-Echelon C2 Capability Option
THQ = Threat Higher Headquarters; TNV = Tactical Network Vehicle
CPV (1&2) = Command Post Vehicles; TCV (1&2) = Tactical Command Vehicles
[Slide diagram: THQ, CPV1, CPV2, TCV1, TCV2 and TNV, each with Command and Staff, mapped against the echelons National Authorities / Echelons Above Corps, Corps Level Threat Liaison, Division Level, Brigade Level, Battalion Level, Company Level, Platoon Level and Squad Level; also shown: ITF Notebook, ITF Cell Phone, Dismounted ITF Assets.]
ITF Persistent Surveillance Capabilities
NESTS – The Networked Electronic Support Threat Sensors come in High, Medium and Low capability variants. The High and Medium versions are able to conduct persistent spectrum surveillance as well as near-real-time signal identification and transmitter geo-location.
NETT – The Network Exploitation Test Tool brings together hundreds of hacker tools into a fully capable CNO suite. The TSMO CNO Teams are capable of short term testing or longer term surveillance and exploitation.
TUD – The Threat Unmanned Devices suite is a manned representation of the ISR and EW capabilities of Unmanned Aerial Systems (UAS). This includes video and still imagery as well as SIGINT direction finding and jamming.
Advanced Persistent Threat Assets:
Wired and Wireless CNO
NETT Wireless CNO for Exploitation and Attack
• Wireless Access Point detection
• Naming and Security data capture
• Mobile CNA capabilities
• Adds Wireless to Wired CNO Arsenal
ITF NETT Thin Client
• CNO Target Nomination
• Surveillance and Attack Status
• Network Topology information
• Allows the Threat to correlate CNO with other assets
Advanced Persistent Threat Assets:
SIGINT, Electronic Attack, and ISR
Aerial Surveillance and DF Capabilities with TUD
• Command Post Monitoring
• Change Detection
• Mission Rehearsal
• Activity Monitoring
• Target Verification
• Target Tracking
• Reaction Detection and BDA
Ground-based SIGINT and EA
• SIGINT Locations
• Track Correlation and Display
• Target – Shooter Pairing
• Engagement Control
• Spectrum Monitoring
Questions?
The ITF is a threat with Advanced Persistent Surveillance and integrated Command and Control across the range of Information Operations, to include Cyber!