Cyber Quest Overview Brief 4 Jan 2016 Overview slides for briefing Action Officer level in internal and external organizations MAJ Andrew Stannard Cyber Battle Lab, Live Experimentation Branch US Army Cyber Center of Excellence & Fort Gordon MAJ Andrew Stannard/MAJ Steve Roberts Cyber Battle Lab, Live Experimentation Branch US Army Cyber Center of Excellence & Fort Gordon
Mission Vision End state The CCOE, supported by government, military, academic and industry partners, conducts Cyberspace, EW, and EMSO experimentation activities at Fort Gordon, 11-29 July 2016 to achieve solutions for operationally relevant and critical CEMA requirements. Vision The Cyber Center of Excellence conducts Cyberspace, Electronic Warfare, and EMSO experimentation activities that serve as an agile learning platform for the Cyber Community of Interest (COI). End state A world-class, Army led, Joint Cyber / EW experimentation and collaboration event at the Cyber Center of Excellence.
Cyber Quest based on an AEWE Model Annual Event Repeatable Led by the Cyber Center of Excellence but with components provided by the larger community Participants will come from the Cyber Community of Interest (operational force, institutional force, industry, and academia) Experimentation Will assess emerging technologies against documented (CARR approved) Cyber/EW capability requirements To inform current capability development and doctrine writing efforts, and understand DOTMLPF impacts. Risk mitigation event for Army acquisition and capability development proponents can leverage to validate selected candidate solutions for participation in larger Army/Joint exercises and experiments (i.e. Army Warfighting Assessments (AWA), the Army Expeditionary Warrior Experiment (AEWE), the Joint Users Interoperability Communications Exercise (JUICE) and Network Integration Experiment (NIE)). Focused at BDE TOC (IBCT) Live, Constructed, Virtual Environment Cyber Range Connectivity BCCS v5 and / or Unified COP/CPCE v2 Requires an Experimentation Force (EXFOR) No Fear of Failure (Sandbox) Army Expeditionary Warrior Experiment (AEWE)
2018 2017 Cyber Quest Maturity Model 2016 2015 Endstate: A world-class, Army led, Joint/Coalition Cyber / EW experimentation and collaboration event at the Cyber Center of Excellence. Exercise and Industry Cyber Product Assessments Cyber Center of Excellence hosted venue Publish top material capability gaps to industry/academia Events on FGGA with extensions to other venues/ranges Experimentation exercise using repeatable framework Exercise play at classification level to match real-world Cyber Quest Technology Evaluation Service cyber protection teams red teaming Operational environment scenarios Based upon known capability gaps or simulation challenges Validates material and tactics, techniques and procedures AEWE like annual event based at Ft Gordon Drawing Innovation from the best of Industry and Academia Already moving out with the Cyber Battle Lab and 25th ID from Hawaii evaluating cyber solutions to support Phase 0. Cyber Quest Pilot 25th ID Phase 0 tactical cybersecurity support Cyber Battle Lab tool evaluation for future DCO experimentation Enabling the Future – Force 2025
Cyber Quest FY 16 / FY 17 BDE TOC Convergence (CEMA) Cyber Quest 2016: Focus is on improving cyber security, while becoming expeditionary at the BCT level (AWfC #7)? Also, CPTs and their utilization of remote access tools within the defensive cyberspace operations infrastructure. Specifically, CPTs lack the supporting tools that allow them to conduct combined arms maneuver in cyberspace as a quick reaction force and employ mechanisms that destroy, dislocate, disintegrate, and isolate cyberspace threats. BDE TOC Convergence (CEMA) Integrated into an exercise that: Informs Best cyber practices IDs system vulnerabilities Provides force design improvement Informs system integration Develops process improvement Creates/validates Key Performance Parameters (KPPs) Develops Cyber Tactics, Techniques, and Procedures (TTPs) Requirements Validation ONS JUONS TCMs/JCIDs Tech Selection Cyber EW EMSO Repeatable Selection Process/Framework (“AEWE like”) CEMA Innovative Solutions Cyber EW EMSO Industry Academia
Demonstrate tactical radios as Electronic Warfare solutions; Cyber Quest 2016 Focus Areas Integration of Cyber and Electronic Warfare Situational Awareness (SA) capabilities Identify mature vendor solutions that demonstrate a capability to converge Cyber and EW User Defined Operational Pictures (UDOPs) to provide commanders a holistic view of the Cyberspace and Electromagnetic Spectrum (CEM) environment. Explore the concept of using tactical radios as sensors to provide input to the CEM SA tool. Understand DOTMLPF implications of using a CEM SA tool; Inform Tactics, Techniques and Procedures of the CEMA cell; Demonstrate tactical radios as Electronic Warfare solutions; Tactical hand held radios that can operate from 200 – 2500 MHz; Tactical radios that have anti-jamming capabilities; Tactical radios that automatically discover and operate in unused portions of the electromagnetic spectrum; Tactical radios capable of directing antenna energy to avoid jamming; Tactical radios capable of (near) silent operation See Slide 19 for Specific Dates
Cyber Quest 2016 Milestones Stakeholders (list growing daily) Mission: CCOE, supported by government, military, academic and industry partners, conducts Cyberspace, EW, and EMSO experimentation activities at Fort Gordon, 11-29 July 2016 to stress solutions for operationally relevant and critical CEMA requirements. Objective: To inform best CEMA practices, system vulnerabilities, force design improvement, system integration, process improvements, Key Performance Parameters (KPPs) and Tactics, Techniques, and Procedures (TTPs) Challenges Significant Actions CCOE TCM Cyber TCM EW TCM MC Signal School Cyber School Req’ts Integration Division Concepts/Analysis Division PAO ARCYBER Army CPB Cyber Quest Council of Colonels: 21 Sep 2015 Industry Briefing Day: 4 Nov 2015 Whitepaper Deadline: 13 Nov 2015 Tech Pre-Selection Panel: 17 – 19 Nov 2015 Invitation to Tech Industry Selection Panel: 20 Nov 2015 Technology Industry Selection Panel: 8 – 11 Dec 2015 Vendor notification: 14 Dec 2015 Coordination Work Group 1: 12 Jan 2016 Coordination Work Group 2: 17 Mar 2016 Coordination Work Group 3: 18 May 2016 Technology / Systems Integration: Jun 2016 Cyber Quest 2016 Execution: 11 – 29 Jul 2016 CARR Review of Cyber Quest requirements Broad Agency Announcement (BAA) released Industry Day held with ~30 organizations Technology solutions down selected from ~25 to 12 Technology Industry Selection Panel: Scoped from 12 vendor solutions to 10 Funding for enduring CyberQuest support Strategic messaging Web and social media Academic support Expanding TechNet with academic thread Shaped Call For Papers (CFP) - TCM critical requirements TechNet published and peer reviewed journal Inform BAA process CERDEC S&TCD ASA (ALT) CECOM Intelligence COE TSMO Commercial Vendors (10-15) Maneuver Battle Lab ARCIC ACD Academia: Army Cyber Institute Ga Tech (GRI) Industry day: Approximately 70 people in attendance; Approximately 30 organizations representing commercial vendors, acquisition community, requirements community, Intelligence COE, CCOE, Academia (Army Cyber Institute & Georgia Tech), CERDEC, CCOE PAO and AFCEA PAO planning to release story of the event (We will need to stay engaged with PAO to get CG’s message out to support CQ activities) Extremely positive feedback by all in attendance. Many commented that this is the first time that they had acquisition, requirements and experimentation owners all in the same room for open collaboration and suggested that we hold 2 times per year. (We agree and will target holding another in Spring to help shape CQ2017) Collaboration across all sectors was very well received (We must maintain collaboration through the CQ lifecycle to bread overall success) Discussion with GA Tech/ACI/AFCEA to determine how to better incorporate Academia and those organizations specifically. (Plan to change TechNet by adding an academic thread with targeted Call For Papers to match future CQ requirements) Cyber Center of Excellence TCM Cyber – Coordinated Cyber SA requirements for BAA; TCM EW - Coordinated EW requirements for BAA; Signal School – Coordinating Digital Master Gunner Course resources; Cyber School – Attend weekly Cyber Quest meetings; Requirements Integration Division (RID) – Strategic Overview Paper; PAO – Cyber Quest video production; Army Cyber Institute – Attend weekly Cyber Quest meetings; Army Cyber Command - Coordinated Cyber SA requirements for BAA/ Big Data Analytic Tool; Army Cyber Protection Brigade - Potential Red Team Support; CERDEC S&TCD – Command Post Computing Environment (CPCE) support; CECOM – BAA review/leverage JUICE for Cyber Quest; Intelligence Center – Sent information about Cyber Quest. TSMO - Potential Red Team Support;
Cyber Quest Planning Cycle Initiation Selection Integration Execution CWG 3 - MAY 2016 Final Report SEP 2016 Excursions Assessments JUN 2016 Technology Selection DEC 2015 Experimentation Event JUL 2016 CWG 2 - MAR 2016 CWG 1 - JAN 2016 Integration Orders APR 2016 Tech Call – Industry BAA OCT 2015 Results: Tech Pre-Select NOV 2015 Tech Pre-Select NOV 2015 Tech Call Deadline NOV 2015 Proposal Consolidation SEP 2015 Proposal Engagement (Wide) SEP 2015 Proposal Selection (Core) 8 SEP 2015 Cyber Quest 2016 Initiation AUG 2015 Army Cyber Council Council of Colonels SEP 21 2015 ACC Brief OCT 2015 CARR Brief SEP 9 2015 TechNet 2015 - Vision TechNet 2016 – CyberQuest 2016 Wins CyberQuest 2017 Vision Academic Thread/Involvement CyberQuest 2017 – Kickoff
Tech Selection based on gaps / requirements Key Deliverables and Milestones Tech Selection based on gaps / requirements Immediately, coordinate with CCOE for high-level gaps, then prioritize Tech Call = write a Broad Agency Announcement that details requirements from TCMs / Operational Community for Industry ID EXFOR / White Cell / Red Cell Role Players and develop Orders Receive Tech Submissions from Industry Perform Tech Down-select and compile Pre-Selection Results Inform Industry of Technologies Selected Proceed to integration Integration Use (white papers) evaluation criteria and CBL score card format to develop score cards for Cyber Quest 2016 demonstration/exercise Coordination WG 1 Coordination WG 2 Finalize Orders Blue / Red Team / Green Cell / White Cell Coordination WG 3 Execution (4-29 July): Repeatable Experimentation: Vendor 1, Vendor 2, Vendor n, TechNet Brief Results (Aug 2016) Inform best cyber practices, system vulnerabilities, force design improvement, system integration, process improvements, Key Performance Parameters (KPPs) and Tactics, Techniques, and Procedures (TTPs) See Slide 19 for Specific Dates
Way Ahead / 90 days 22 Oct – Coordinate with local contracting office to publish Broad Agency Announcement; 4 Nov – Industry Briefing Day; 13 Nov – Whitepaper Deadline from Industry; NLT 16 Nov – Form technology selection committee for industry whitepaper review; 16 Nov – Establish repository for whitepapers; 17 – 18 Nov – Whitepaper reading review; 19 Nov – Pre-Selection Panel (Whitepaper down select); Down selected from ~25 to 12 vendor solutions: 9 EW Sensor and SA tools 3 Cyber SA tools 20 Nov – Invitation to Pre-Selection Industry Candidates (short list); 8 – 11 Dec – Tech Selection Board; 14 Dec – Notify Selected Vendors; 12 Jan 2016 – Coordination Working Group 1 ~17 Mar 2016 - Coordination Working Group 2 ~18 MAY 2016 - Coordination Working Group 3 See Slide 19 for Specific Dates
ISB Operational Environment OV-1 Live Virtual Constructive (LVC) National Asset (V/C) Scenario JTF (V/C) transitioning from MCO (PH III) to stability operations (PH IV) while reacting to red force kinetic and non-kinetic attacks Focus on an At-The-Halt (ATH) IBCT CP (Live) controlling an ATH Infantry Battalion CP and OTM Infantry Companies (V/C) Red Forces will use a variety of Offensive Cyber and Electronic Warfare (EW) attacks to stimulate Defensive Cyber Operations and EW Response Actions Intent: Focus on the BCT; Fully populate BCT TOC systems leverage outputs for Cyber and EW SA capabilities MFEW Large Red Forces IN BN CP (V/C) EWO EW IBCT CP (Live) Experimental Focus Areas Integrate Cyber and Electronic Warfare Situational Awareness (SA) capabilities Converge Cyber/ EW User Defined Operational Pictures (UDOPs) Tactical radios as sensors with input to CEM SA tool. DOTMLPF implications of using a CEM SA tool; TTPS for the CEMA cell; Demo tactical radios as Electronic Warfare solutions; - Tactical hand held radios 200 – 2500 MHz range; - Tactical radios with anti-jamming capabilities; CEMA Operational scenario centered on the Infantry Brigade Combat Team (BCT) Tactical Operations Center (TOC) DIV TAC CP (V/C) CEMA ISB JTF / ExCSE (V/C) CEMA CSSB (V/C) CPT
TCM/CARR OPT vetted requirements DCO at CORPS and below Cyber Quest 2017 Potential Focus Areas TCM/CARR OPT vetted requirements Hottest requirements for 2017 DCO at CORPS and below DCO TTPs Tactical Big Data and CYBER analytics TOC Convergence/CPCE Coalition/Joint CEMA Integration of other services Integration of NATO/FVEY partners Integration of coalition/classified networks CJTF C2 focus for CEMA based experimentation Integration of Academic research efforts TCM requirement focused with potentially 2-3 year horizon Academic analysis of effort to drive best/better practices See Slide 19 for Specific Dates
TOC Specific Experimentation Force (Role Players) Location Echelon Function Position Source Grade MOS Local TDY Fort Gordon Infantry BCT Maneuver 2-4 IBCT COMMANDER TASKING O6/O5 11A/19A 1 Intel 2-4 IBCT S-2 O4 35D 2-4 IBCT S-3 11A Cyber 2-4 IBCT S-6 25A 2-4 IBCT CEMA Chief 17A 2-4 IBCT EWO FA29 Infantry BN 2-4 IBCT 1-1 BN COMMANDER O5/O4 2-4 IBCT 1-1 BN S-2 O3 2-4 IBCT 1-1 BN S-3 2-4 IBCT 1-1 BN S6 2-4 IBCT 1-1 BN CEMA Chief 2-4 IBCT 1-1 BN EWO JTF / DIV Command Group COMMANDER O6 O1A Movement & Maneuver J-3 O5 JCC ExCSE CPT Fill 8