[ppt]wss.apan.org quest 2016/cq 2016 cwg2... · web view0900welcome dale white, dep dir, cbl. 0915...
TRANSCRIPT
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED1
15 -17 Mar 2016
Cyber Quest 2016
Cyber Quest 2016 Coordinated Working Group (CWG) #2
UNCLASSIFIED//FOR OFFICAL USE ONLY
UNCLASSIFIED//FOR OFFICAL USE ONLY
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED2
0900 Welcome Dale White, Dep Dir, CBL
0915 Introduction, Agenda, Objectives, Video MAJ Roberts
0930 Cyber Quest Update, Timeline, Road to War MAJ Roberts
1000 User Defined Operational Picture/Data Sources Review/Update Mike Jones
1100 Data Integration Introduction Mr. Andersen
1200 LUNCH ALL
1330 Lower Tactical Network Introduction Horace Carney
1430 Upper Tactical Network Introduction (WIN-T) Joe Collette
1530 Training Requirements Greg Wells
1600 Overview of 16 March Agenda/Release MAJ Stannard 1800 NO HOST SOCIAL (CAROLINA ALE HOUSE)
Location: U.S. Army Reserve CenterRoom 122-124
Participation: All Cyber Quest 2016 Participants
CWG #2 Agenda – 15 Mar 2016
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED3
0900 Welcome Back MAJ Roberts
0915 EW Sensor Technology Sponsor Breakout - 122 0915 – 1205 Data Integration Breakout - 124
0915 - 0945 Harris Corporation Data Sources - SA
0950 - 1020 L3 WIN-T NMS
1025 - 1055 Phaser
1100 - 1130 Rockwell Collins
1135 - 1205 Thales
1205 LUNCH \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ALL
1330 CTI 1330 Lower Tactical Network
1400 EITC 1430 Upper Tactical Network (WIN-T)
1430 General Dynamics
1500 GTRI
Location: U.S. Army Reserve CenterRoom 122-124
Participation: All Cyber Quest 2016 Participants
CWG #2 Agenda – 16 Mar 2016
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED4
0900 Welcome Back MAJ Roberts
0915 Breakout Session Opportunity (As needed) - 122 0915 Cyber Quest 2017 Objectives- 124
1015 Academia Participation1130 CWG 2 Out-brief to Technology Sponsors
1205 CWG 2 ENDS
Location: U.S. Army Reserve CenterRoom 122-124
Participation: All Cyber Quest 2016 Participants
CWG #2 Agenda – 16 Mar 2016
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Working Group Objectives
• To review all documentation/administrative requirements;
• To highlight key experiment dates, events, and milestones;
• Delineate roles and responsibilities for all participants;
• To produce a draft network design document and identify resource shortfalls;
• To produce a draft DODAF document identifying data systems integration requirements;
• To develop a draft Cyber Quest 2016 Technology Integration Schedule;
• To document technology training requirements;
• To address Cyber Quest 2016 vignette/simulation requirements;
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED6
6
park
ing
parking
Signal Towers
Cyber Battle Lab
Directions
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED7
Army Expeditionary Warrior Experiment (AEWE)
VIDEO
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED8
EXPERIMENT UPDATE, TIMELINE, MILESTONES, EXPECTATIONS
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Initiation
Selection
Integration
Execution
Cyber Quest 2016 Timeline and Milestones
CWG 3 - MAY 2016
Final Report SEP 2016
TechNet CQ Briefing 2 AUG 2016
Excursions Assessments JUN 2016
Technology Selection 8 – 11 DEC 2015
Experimentation Event 11 – 29 JUL 2016
CWG 2 - MAR 2016CWG 1 - JAN 2016
Integration Orders APR 2016
Results: Tech Pre-Select 20 NOV 2015Tech Pre-Selection Panel 17 – 19 NOV 2015
Tech Call Deadline 13 NOV 2015
Proposal Consolidation SEP 2015
Proposal Engagement (Wide) SEP 2015
Proposal Selection (Core) 8 SEP 2015
Cyber Quest 2016 Initiation AUG 2015
2016Framework
11 Month Cycle9
Army Cyber Council
Council of Colonels 21 SEP 2015
ACC Brief OCT 2015
CARR Brief SEP 9 2015
Industry Briefing Day 4 NOV 2015Tech Call – Industry BAA 22 OCT 2015
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Execution
• Execution Duration (3 weeks)
• Location (CBL, FOB Ready, Ft Gordon and SRS)
• Focused at Infantry BCT TOC Unified COP/CPCE v2
– Live, Constructed, Virtual Environment
– Cyber Range Connectivity
– Phase 3 to 4 operational transition
• Notional SIPR Networks (Unclassified)
• Battle Rhythm (6hr scenario day + real world)
• 4x 12hr plays
• Requires an Experimentation Force (EXFOR)
– Blue Force, Red Team, Green Cell, White Cell
• No Fear of Failure (Sandbox) Reporting
10
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber Quest Operational View
11
Experimental Focus Areas
Integrate Cyber and Electronic Warfare Situational Awareness (SA) capabilities- Converge Cyber/ EW User Defined Operational Pictures (UDOPs)
- Tactical radios as sensors with input to Cyber SA tool.
- DOTMLPF implications of using a Cyber SA tool;
- TTPs for the CEMA cell;
Demo tactical radios as Electronic Warfare solutions;- Tactical hand held radios 200 – 2500 MHz range;- Tactical radios with anti-jamming capabilities;
Scenario•JTF (V/C) transitioning from MCO (PH III) to stability operations (PH IV) while reacting to red force kinetic and non-kinetic attacks
•Focus on an At-The-Halt (ATH) IBCT CP (Live) controlling an ATH Infantry Battalion CP and OTM Infantry Companies (V/C)
•Red Forces will use a variety of Offensive Cyber and Electronic Warfare (EW) attacks to stimulate Defensive Cyber Operations and EW Response Actions
•Intent: Focus on the BCT; Fully populate BCT TOC systems
•Leverage outputs for Cyber and EW SA capabilities
Red Forces
IBCT CP (Live)
CEMA
IN BN CP (V/C)
EWO
JTF / ExCSE (V/C)
CEMA
CPT
DIV TAC CP (V/C)
EW
National Asset (V/C)
CEMACSSB (V/C)ISB
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber Quest – Operational Flow
Outputs to inform: Best Practices & White Papers-System Vulnerabilities -Enemy Methodology-Force Design -System Integration-Process Improvements-Lessons Learned-Team Dynamics-Key Performance Parameters (KPP)-Tactics, Techniques, and Procedures (TTPs)
X
Submit Cyber Effects Request Form (CERF)
Provides CPT Experience in:-Remediation-Reporting-DCO (Defense in Depth)-Incident Response Handlers (IRH)
“CERF”
IBCT (select staff)(255S Provides
Cybersecurity Capability)
Provides:-Team Building-Tool Validation-Training Synergy
AMDWS/TAIS/CPOF
EWPMT/Cyber SA Tool
AFATDS/BCS3
Cyber Event
JFHQ-CCyber Protection Brigade (CPB)
Tasking
Battle Lab EW/S2/6
LEGENDLOS
CABLEREQUEST
LIVE
Army Cyber Operations
Integration Center (ACOIC)
Red Cell (Threat)
CPT(DST) CPT
(DST) CPT(DST)
Blue Cell (Friendly)
Action – Reaction – Counteraction
Regional Hub Node
(RHN)
Cyber SA Display in TOC
CEMA Cell
12
Action – Reaction – Counteraction
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 13
Feeds
Feeds Feeds
BCT TOC
E W
Cyber SA Display in CEMA Cell
AMDWS/TAIS/CPOF
AFATDS/BCS3/DCGS-A
EW
Emplaced sensors intercepts emitters
Monitoring Social Media
Battle Lab
M&S Branch
Simulation Interface
MC Systems
• OneSAF• FIRESIM• EMANE
Battle Lab
FEB Branch
Scenario Stimulation
• OPORD/Annex• Graphics• Vignettes/Storyboard• Scenario Products• Facilitation
EWPMT/Cyber SA Tool (Vendor Provided)
(Virtual)(Live)
(Live)
(Constructive)
Cyber Quest – Execution Operational View
(Live/Constructive)
Red Cell (Threat)
Blue Cell (Friendly)
Action – Reaction – Counteraction
Cyber Event
(Constructive)
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 14
Cyber Quest Calendar – March 2016
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
CQ Coordination Working Group #2
UC 16.1 GAMEX (Fort Leavenworth KS) (FEB)
UC 16.1 GAMEX (Fort Leavenworth KS) (FEB)
ABCT Seminar Wargame (Fort Benning GA) (FEB)
UC 16.1 Analysis Scrum (Fort Lee VA) (FEB)
Live Experimentation Branch
Futures Experimentation Branch
M&S Branch
Vendor Specific
OneSAF Build (Includes STARTEX positions/Movement Tracks (Battle)
End to End Thread Testing (Triggers, Timing, & Step Validation) (FEB All)
RMF Support
TBD
TBD
TBD
Scenario/Script review with ARCYBER (FEB All)
Scenario Orders/Road to War Refinement (Battle/Collins)
Scenario Orders/Road to War (Battle)
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 15
Cyber Quest Calendar – April 2016
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Integration: Scenario Orders / Admin Instructions
Masters Week (Augusta area Schools Spring Break)
ExCIS Software Training (Austin TX) (FEB All)
Live Experimentation Branch
Futures Experimentation Branch
M&S Branch
Vendor Specific
UC 16.1 Analysis Scrum
Scenario V&V(Battle)
TBD
Block Leave (FEB All)
Mission Command System Configuration & Testing
COMMEX (Includes HICON/LOCON Interaction) (FEB All)
RMF Support
TBD
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 16
Cyber Quest Calendar – May 2016
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
CQ Coordination Working Group #3
Live Experimentation Branch
Futures Experimentation Branch
M&S Branch
Vendor Specific
TBD
TBD
TBD
TBD
SWLock
Develop System Specific Data Products
Develop System Specific Data Products
Threat/EXCON/HICON/LOCON Synchronization & Rehearsals
Threat/EXCON/HICON/LOCON Synchronization & Rehearsals
ATEC SRsCOMPLETED
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 17
Cyber Quest Calendar – June 2016
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
Vendor System Testing
Environment Build
Complete
Network / Vendor System IntegrationTBD
TBDFunctional Testing
End-to-End Thread Testing
TBD
Create & Load Data Products / Radio Config Files
Live Experimentation Branch
Futures Experimentation Branch
M&S Branch
Vendor Specific
TBD
TBD
Full up Dress Rehearsals
Full up Dress Rehearsals
Full up Dress Rehearsals
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 18
Cyber Quest Calendar – July 2016
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
CQ Rotation 1
CQ Rotation 2 CQ Rotation 3 CQ Rotation 4
CQ Rotation 5 VIP Day / Demo AAR
PACEXCQ Build / Train
COMMEXVALEX
Instrumentation V&V
4th of July Weekend (DONSA)
4th of July Weekend (DONSA)
Live Experimentation Branch
Futures Experimentation Branch
M&S Branch
Vendor Specific
Military Role Player Training and Integration
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
US Army Cyber Center of Excellence (Cyber CoE)
Cyber SA
Notional Dashboard
Focus Areas to Inform
Cyber Quest
Cyber Support Element-Ft. Leavenworth, KS.
All diagrams are pre-decisional and could be changed at the discretion of the CSE-FLKS
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Emitters / OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps
Unknown Actor, Cyber, Redirected URL, Unmitigated
Known Actor, Cyber, Unmitigated
Unknown Actor, Cyber, Redirected URL, Unmitigated
Unknown Actor, Cyber, Redirected URL, Unmitigated
Known Actor, Cyber, Unmitigated
Unknown Actor, Cyber, Redirected URL, Unmitigated
Last 24 hoursQuery
< < < < < <
< < < < <
Focus Area 1: Cyber SIGACTS
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Cyber SIGACTs Network Status Cyber-EW Ops Mission Impact
Emitters & OB Planning Threat Activity EMS Interference Social Media
Cyber OverlayMaps < < < < < <
< < < < <Create
Export to COP
Focus Area 2: Cyber Overlay
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Emitters & OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps < < < < < <
< < < < <Friendly
EnemyUnknown
NeutralAsset ComplianceForce Prot Cond.
Focus Area 3: Network Status - Friendly
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Emitters & OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps < < < < < <
< < < < <Friendly
EnemyUnknown
NeutralAsset ComplianceForce Prot Cond.
Focus Area 4: Network Status - Enemy
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Active Tracking
Early Warning
Early Warning
Early Warning
Emitters & OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps < < < < < <
< < < < <FILTERS
GSM
3G
4G
WiFi
Radar
OB
CTR MTR/RCKT
CTR MTR/RCKT
CTR MTR/RCKT
UnknownNeutralEnemy
Friendly
Focus Area 5: Emitters & Order of Battle
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Emitters / OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps < < < < < <
< < < < <Intrusion Alerts
VulnerabilityNetwork Health
Focus Area 6: Mission Impact
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Cyber SA Planning and Management Tool (PMT)
Emitters & OB Planning Threat Activity EMS Interference Social Media
Cyber SIGACTs Network Status Cyber-EW Ops Mission ImpactCyber OverlayMaps < < < < < <
< < < < <
TrendsAlerts
Web Search
Focus Area 7: Social Media
Notional Display
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuestLower/Upper Tactical Network
Introduction
2016/03/15
Horace Carney/Joe ColetteCTR Support, Cyber Battle Lab
US Army Cyber Center of Excellence & Fort Gordon
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Red Forces
IBCT CP (Live)
Operational Environment OV-1 (LVC)
EW
BlueForces
WIN-T Inc 2NOSC-B
EW
UCDEWPMT
CPOF BCCS DCGS-A AFATDS
Cyber Battle Lab
WIN-T Inc 2NOSC-B
ICOE
TSMO
Peer vs Near-peerTactical Radios and EW Sensors
WIN-T Inc 2SNE
WIN-T Inc 2SNE
SA Vendor
1-4SA
Vendor1-4
SA Vendor
1-4SA
Vendor1-4
DCO-IDM Feeds
Sensor improvement
– C2 Data ingest- Remote sensor
triggering- Cyber effects
Cyber Red vs Blue
- Visualization- Triggering- Queuing
WIN-T/DCO Cyber data
- Determine utility- Refine
TTPs/CONOPS
Effect Decision
Data Ingest
Data processing
EW/CYBER SA- Drive CEMA cell
response actions/planning
- Drive commander decisions
- Drive Cyber vs EW response actions
Big Data
SensorVendor
1-5
SensorVendor
1-5
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED2929
Proposed Lower Tactical Architecture for Cyber Quest
Platoon SRW network
Company SRW network
FT HUACHUCA
1.Thales: Special EW Mission Module (EW module)
2.Phaser Corporation: (Wifi/4G LTE sensor)
3.Rockwell Collins: Handheld dismounted RF sensing capability/TTNT mesh network
4. Harris RF sensor5. L3 DF Capability
1/A/1-29 INFANTRY
PSG
A-TL B-TL
1-SL AN/PRC 154A
AN/PRC 15A
AN/PRC 154A
CO XO
A/1-29 INFANTRY CO (HEADQUARTERS)
OPS NCO
AN/PR 54A A-TL B-TL
2-SLAN/PRC 154A
AN/PRC 154A AN/PRC 154A
BN SNE
CO HQ
1-29 INFANTRY BN
SIDEHAT X 2
CO SRW/ SATCOM
WIN-T INC 2NETWORK Classification:
Notional SECRET
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED30
UPPER TI ARCHITECTURE
30
STT (INC 1)
RHN-E CYBER BATTLE LAB
NOSC-B
BCT CP, FOB READY, FORT GORDON
COMPANY CP, TA-??
TCN (MAIN)
SSSV4
CPP(RADIO NETS ONLY)
LOWER TILEGEND
442ND ASSETS NOT IN CQ
CABLE LINK
SATELLITE LINK
TCN (X4)
NODES IN RESERVE
SNE (X4)POP (X4)
TA-6TCN (TAC)STT (MAIN)
INC 1
TA-26
TA-21
SNE(CNRI)
POP
POP
SNE SNE
RHN
TA-17
Classification:Notional SECRET
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Joe [email protected]: (706)791-8806DSN: 780-8806FAX: (706)791-3799
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuestData Architecture
Introduction
2016/03/15
Ken GroombridgeCTR Support, Cyber Battle Lab
US Army Cyber Center of Excellence & Fort Gordon
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED33
GDGTRI
Raytheon
CTITHUNDERSTORM
THALES MMR
L3AN/PRD-
13HARRISROCKWE
LL
DCGS
DDS
CPOF
AFATDS
OneSAF FIRESIM ExCIS
NETTWARRIOR
Message Types
From To
PLI OneSAF DDS
PosRPT
GEO
LOB
ENSIT
STATUS
PLI
PLIK05.1
EITCIRONHIDE
Sensor Data
Sensor Data
Sensor Data
Sensor Data
PHASER
EITC
EWPMT
Vendor SA capabilities
Sensor Data
CPOF DB
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Ft. Huachuca
OneSAF Systems
BCCS Stack
DDS CPOF Services
DSGS-A
MC Adapter
OneSAF SystemsOneSAF
SystemsOneSAF SystemsOneSAF
SystemsOneSAF Systems
FireSim ExCIS
Workstation
CPOF Client
MI COP (Ft.
Huachuca)
Google Earth /
Browser
Operational Architecture
AFATDS Client
DSGS-A Client
EWPMT
EWPMT
Enterprise Services
(MS EXCH,SP, SCCM, ETC.)
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED35
DTSS
GRAPHICS:AFATDS POS-RPTGRAPHICS:AMDPCS POS-RPTGRAPHICS:ASAS-L ENEMY-SIT:GRAPHICS:BCS3 POS-RPTPOS-RPT/*:FBCB2 OBS-POSGEO-REF:FBCB2POS-RPT:GCCS-A GRAPHICS:WEATHER:IMETS GRAPHICS:MCSPOS-RPT:MCS OBS-POSGRAPHICS:MIP POS-RPTGEO-REF:MIP OBS-POSGRAPHICS:TAIS SIGACT:CPOF
CMDS-INTENT:CPOF
(none)
GRAPHICSPOS-RPTTARGET
GRAPHICS:AMDPC SPOS-RPTGRAPHICS:ASAS-L ENEMY-SITGRAPHICS:BCS3 POS-RPTPOS-RPT/*:FBCB2 GRAPHICSPOS-RPT:GCCS-A GRAPHICSGRAPHICS:MCS POS-RPTGRAPHICS:TAIS
AFATDS
DDS Publish
Subscribe
SYNCH
TGS
ENEMY-SIT:POS-RPTGRAPHICS
UAV-VIDEOMTIGROUND-TRACKS
Publish TMC WS
GRAPHICS:AFATDS POS-RPT TARGET:AFATDS AIR-TRK:AMDPCSGRAPHICS:AMDPCS POS-RPTGRAPHICS:ASAS-L ENEMY-SITIND-WARN:ASAS-L CTFPGRAPHICS:BCS3 POS-RPTOPORD:BCS3 COMBAT-PWRTASK-ORG:BCS3 POS-RPT/*:FBCB2OBS-POS:FBCB2 GEO-REFPOS-RPT:GCCS-A GRAPHICSWEATHER:IMETS GRAPHICS:MIP POS-RPTOPORD:MIP ORG-STATTASK-ORG:MIP GEO-REFOBS-POS:MIP IND-WARNGRAPHICS:TAIS ACOUAV-VIDEO:CGS GROUND-TRACKSMTI:CGS SIGACT:CPOF
GRAPHICS POS-RPTOPORD ORG-STATTASK-ORG OBS-POSM-AEXCH
Publish
BFTOBS-POS GEO-REFPOS-RPT/EPLRS POS-RPT/LBANDPOS-RPT/MTS
POS-RPT:AFATDS TARGET:AFATDSPOS-RPT:CBFSA POS-RPT:GCCS-APOS-RPT:MCS
IMETS
GRAPHICS:AFATDS POS-RPTAIR-TRK:AMDPCS GRAPHICSPOS-RPT:AMDPCS GRAPHICS:ASAS-L ENEMY-SITGRAPHICS:BCS3 POS-RPTPOS-RPT/*:FBCB2POS-RPT:GCCS-A WEATHER:IMETSGRAPHICS:MCS POS-RPTOPORD:MCS GRAPHICS:TAIS OBS-POS:CPOF TASK-ORG SIGACT:CPOF CMD-INTENT GRAPHICS:CPOF
WEATHER
SYNCH
S2MC POS-RPT/DTRACS POS-RPT/PANATRACS POS-RPT/STS POS-RPT/VSSTAR POS-RPT/DYNAFLEET POS-RPT/GDMS GRAPHIC OPORD TASK-ORG POS-RPT
GRAPHICS:AFATDS POS-RPTENEMY-SIT:ASAS-L POS-RPT:FBCB2POS-RPT:GCCS-A GRAPHICS:MCSPOS-RPT:MCS OPORDTASK-ORG
Publ
ish
Subs
crib
e
TAIS
GRAPHICS:AFATDS POS-RPTTARGET:AFATDS AIR-TRK:AMDPCSGRAPHICS:AMDPCS POS-RPTGRAPHICS:ASAS-L ENEMY-SITIND-WARN:ASAS-L CTFPGRAPHICS:BCS3 POS-RPTOPORD:BCS3 TASK-ORGPOS-RPT/*:FBCB2 POS-RPT:GCCS-AWEATHER:IMETS GRAPHICS:MCSPOS-RPT:MCS OPORDORG-STAT:MCS TASK-ORGSIGACT:CPOF CMDS-INTENTOBS-POS:CPOF TASK-ORGSIGACT:CPOF CMD-INTENTGRAPHICS:CPOF
GRAPHICS ACO
Publish
Publish
Publish
Publish
PublishSu
bSubscribe
AMDWSAIR-TRK MISSIONGRAPHICS SA-UNITSPOS-RPT SA-SENSORSSA-WEAPONS C-RAMSA-GEOMETRIES
GRAPHICS:AFATDS ACO:TAISPOS-RPT:AFATDS WEATHER:IMETSGRAPHICS:ASAS-L IND-WARN:ASAS-LENEMY-SIT:ASAS-L OPORD:MCSPOS-RPT:BCS3 TASK-ORG:MCSTASK-ORG:BCS3 POS-RPT/*:FBCB2GRAPHICS:GCCS-A POS-RPT:MCSGRAPHICS:MCS GRAPHICS:TAIS
Subscribe
SYNCHPublish
Subscribe
POS-RPT
GRAPHICS
GRAPHICS:AFATDS POS-RPTGRAPHICS:AMDPCS POS-RPTGRAPHICS:ASAS-LENEMY-SITGRAPHICS:BCS3GRAPHICS:MCS POS-RPT:MCS OBS-POS:MCSGRAPHICS:MIP POS-RPT:MIPGRAPHICS:TAIS POS-RPT/*:FBCB2 OBS-POS:MIP OBS-POS:FBCB2 Only non-hostile tracks
GCCS-A
Publish
Subscribe
Subscrib
e or S
ync
CPOF
GRAPHICS:AFATDS POS -RPT:AFATDSTARGET:AFATDS AIR-TRK:AMDPCSGRAPHICS:AMDPCS POS -RPT:AMDPCSGRAPHICS:ASAS -L ENEMY -SIT:ASAS -LGRAPHICS:BCS3 POS -RPT:BCS3
OBS -POS:FBCB2 POS -RPT/*:FBCB2 POS -RPT:GCCS -A
GRAPHICS:GCCS -A GRAPHICS:TAIS ACO:TAIS GRAPHICS:MCS POS -RPT:MCS TASK -ORG:MCS OBS -POS:MCS FSCM:AFATDS
PLANS/ORDERS:AFATDSSALUTE:AFATDS SITREP:AFATDSSPOTREP:AFATDS SALUTE:AMDPCSPLANS/ORDERS:AMDPCSSITREP:AMDPCS SPOTREP:AMDPCSAIR ROUTES:AMPS PRAHICS:AMPSPLANS/ORDERS:AMPSHVT/HPT:ASAS PLANS/ORDERS:ASAS
PLANS/ORDERS:BCS3 SUPPLY STAT:BCS3POSS -RPT:BFT GRAPHICS:BFT
SITREP:BFT SPOTREP:BFTGRAPHICS:DTSS SITREP:FBCB2SPOTREP:FBCB2 GRAPHICS:FBCB2PLANS/ORDERS:FBCB2SALUTE:FBCB2 SITREP:FBCB2SPOTREP:FBCB2 MDMP:GCCS -APLANS/ORDERS:GCCS -ASITREP:GCCS -A GRAPHICS:ISYSCON
PLANS/ORDERS:ISYSCONPOS -RPT:JTCW GRAPHICS:JTCW
PLANS/ORDERS:JTCWSALUTE:JTCW SITREP:JTCWSPOTREP:JTCW PLANS/ORDERS:MCSPLANS/ORDERS:TAIS
OBS -POS:CPOF TASK -ORG:CPOFSIGACT:CPOF CMD-INTENT:CPOFGRAPHICS:CPOF FSCM:CPOFPLANS/ORDERS:CPOFSITREP:CPOF SPOTREP:CPOFPOS -RPT:CPOF MDMP PRODUCTS:CPOF
POS -RPT : FBCB2, MCSOBS -POS : FBCB2
SIGACT : CPOFMTI : CGSGround -Tracks : CGS
UAV VIDEO : CGSTARGET : AFATDSWEATHER2 : IMETSGRAPHICS : MCS, BCS3
DDS Node DCGS-A
ENEMY-SIT (BCS3, AMPS, AMDWS , MCS, TAIS, AFATDS, DTSS )
GRAPHICS ( AMDWS, MCS, AFATDS, CGS, TAIS, DTSS, BCS3
Indications and Warnings ( ? )
Subscribe
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED36
GRAPHICSPOS-RPTTARGET
GRAPHICS:AMDPC SPOS-RPTGRAPHICS:ASAS-L ENEMY-SITGRAPHICS:BCS3 POS-RPTPOS-RPT/*:FBCB2 GRAPHICSPOS-RPT:GCCS-A GRAPHICSGRAPHICS:MCS POS-RPTGRAPHICS:TAIS
AFATDS
DDS Publish
Subscribe
TMC WS
GRAPHICS:AFATDS POS-RPT TARGET:AFATDS AIR-TRK:AMDPCSGRAPHICS:AMDPCS POS-RPTGRAPHICS:ASAS-L ENEMY-SITIND-WARN:ASAS-L CTFPGRAPHICS:BCS3 POS-RPTOPORD:BCS3 COMBAT-PWRTASK-ORG:BCS3 POS-RPT/*:FBCB2OBS-POS:FBCB2 GEO-REFPOS-RPT:GCCS-A GRAPHICSWEATHER:IMETS GRAPHICS:MIP POS-RPTOPORD:MIP ORG-STATTASK-ORG:MIP GEO-REFOBS-POS:MIP IND-WARNGRAPHICS:TAIS ACOUAV-VIDEO:CGS GROUND-TRACKSMTI:CGS SIGACT:CPOF
GRAPHICS POS-RPTOPORD ORG-STATTASK-ORG OBS-POSM-AEXCH
Publish
BFTOBS-POS GEO-REFPOS-RPT/EPLRS POS-RPT/LBANDPOS-RPT/MTS
POS-RPT:AFATDS TARGET:AFATDSPOS-RPT:CBFSA POS-RPT:GCCS-APOS-RPT:MCS
Publish
Publish
PublishSu
b
Subscribe
Subscrib
e or S
ync
CPOF
GRAPHICS:AFATDS POS -RPT:AFATDSTARGET:AFATDS AIR-TRK:AMDPCSGRAPHICS:AMDPCS POS -RPT:AMDPCSGRAPHICS:ASAS -L ENEMY -SIT:ASAS -LGRAPHICS:BCS3 POS -RPT:BCS3
OBS -POS:FBCB2 POS -RPT/*:FBCB2 POS -RPT:GCCS -A
GRAPHICS:GCCS -A GRAPHICS:TAIS ACO:TAIS GRAPHICS:MCS POS -RPT:MCS TASK -ORG:MCS OBS -POS:MCS FSCM:AFATDS
PLANS/ORDERS:AFATDSSALUTE:AFATDS SITREP:AFATDSSPOTREP:AFATDS SALUTE:AMDPCSPLANS/ORDERS:AMDPCSSITREP:AMDPCS SPOTREP:AMDPCSAIR ROUTES:AMPS PRAHICS:AMPSPLANS/ORDERS:AMPSHVT/HPT:ASAS PLANS/ORDERS:ASAS
PLANS/ORDERS:BCS3 SUPPLY STAT:BCS3POSS -RPT:BFT GRAPHICS:BFT
SITREP:BFT SPOTREP:BFTGRAPHICS:DTSS SITREP:FBCB2SPOTREP:FBCB2 GRAPHICS:FBCB2PLANS/ORDERS:FBCB2SALUTE:FBCB2 SITREP:FBCB2SPOTREP:FBCB2 MDMP:GCCS -APLANS/ORDERS:GCCS -ASITREP:GCCS -A GRAPHICS:ISYSCON
PLANS/ORDERS:ISYSCONPOS -RPT:JTCW GRAPHICS:JTCW
PLANS/ORDERS:JTCWSALUTE:JTCW SITREP:JTCWSPOTREP:JTCW PLANS/ORDERS:MCSPLANS/ORDERS:TAIS
OBS -POS:CPOF TASK -ORG:CPOFSIGACT:CPOF CMD-INTENT:CPOFGRAPHICS:CPOF FSCM:CPOFPLANS/ORDERS:CPOFSITREP:CPOF SPOTREP:CPOFPOS -RPT:CPOF MDMP PRODUCTS:CPOF
POS -RPT : FBCB2, MCSOBS -POS : FBCB2
SIGACT : CPOFMTI : CGSGround -Tracks : CGS
UAV VIDEO : CGSTARGET : AFATDSWEATHER2 : IMETSGRAPHICS : MCS, BCS3
DDS Node DCGS-A
ENEMY-SIT (BCS3, AMPS, AMDWS , MCS, TAIS, AFATDS, DTSS )
GRAPHICS ( AMDWS, MCS, AFATDS, CGS, TAIS, DTSS, BCS3
Indications and Warnings ( ? )
Subscribe
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuestCyberspace Threat Emulation
(AKA Red Teaming)
2016/03/17Ken Groombridge
CTR Support, Cyber Battle LabUS Army Cyber Center of Excellence & Fort Gordon
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
Cyberspace Threat Emulation is required to stimulate the sensors in order for them to produce output which in turn is ingested and reported by cyberspace situational awareness tools.
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
Goal:
Introduce a plethora of realistic events on the network to stimulate the sensors as to ascertain the information provided by cyberspace situational awareness tools
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
Not the Goal:
Determine the security posture of programs of record, sensors, or cyberspace situational awareness tools
Cyberspace situational awareness tools will not be in the scope of the exercise; however, these tools should be programmed with security in mind
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
How will this be accomplished:
There will be representative client systems (physical/virtual/both) on the network which will be within scope
Traffic will be sent to and from these systems in order to provide stimulus for sensors
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
Event Generation:
Threat emulation events will be preconfigured/scripted so that they can be accurately repeated for each scenario
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
CyberQuest Threat Emulation
Ken [email protected]: (706)791-5245DSN: 780-5245FAX: (706)791-3799
UNCLASSIFIEDUNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
TRAININGSoldier- Time needed to train one soldier to use your technology
- Number of personnel requiring training to properly demonstrate technology- Equipment available for training- Number of trainers available to conduct training- Training location requirements (computer for power point, indoors, outdoors, tables, etc.)
Soldiers- Special equipment needed to use technology- Equipment available for operations- Number of technicians available for support during the exercise- Operational restrictions (not shock protected, not water proof, etc.)
Execution
CBL Staff - Special equipment needed to support technology (RF white noise needed, SRW network required, etc.)
- Interoperability requirements (specific feeds or networks needed to pass data, etc.)