1

Military Operations Research Society (MORS) Cyber Analysis WorkshopOnline Plenary Session

26 August 2008

Virtual Collaboration: now through October unclassified: http://cyberanalysis.pbwiki.com/ (advertise track and discipline group meetings) and secret wiki – send request to Mark.Gallagher@pentagon.af.mil These wiki discussions will become part of the workshop report!

Virtual Meetings: https://connect.dco.dod.mil/cyberanalysis (audio backup 877-206-5884 with code 547836)

Each track at least one DCO during September (unclassified or secret) - Information Operations Joint Munitions Effectiveness Manual (IO JMEM), Monday

15 Sep, 1400-1600 (2 pm – 4 pm) EDT (unclassified)Each discipline group at least one DCO session before17 October (unclassified or secret)Plenary DCO Summary 21 October, 1400-1600 (2 pm – 4 pm) EDT (unclassified)

Physical Meeting: Whitney, Bradley, & Brown (WBB) Consulting, Reston, Virginia, 28-30 OctoberGovernment Senior Leader virtual review, 30 October

2

Defense Connect Online (DCO)

• Connections for this meeting– DCO https://connect.dco.dod.mil/cyberanalysis

with audio through computer speakers– Audio backup, call 877-206-5884 with code

547836 for teleconference

• Anyone not connected?– If no audio, respond in chat pod– If no visual, speak up or call teleconference

3

DCO Rules of Engagement (ROE)

• Many individuals online today– We want all of your inputs!– Most of you can not talk

• DCO has the communication capabilities—this is our ROE– Chat: any time to everyone or an individual– Comment/Question pod: write any time, addressed at planned

periods– Suggestion pod: write any time, not reviewed in this session– Attendee/status: indicate “have a question” to interrupt

• Other DCO capabilities– Agenda pod– Polls will occur later in this session

4

MORS President’s Welcome

Dr. Michael J. Kwinn, Jr.President, MORS

• Thanks!!!– Dr. Henningsen, Headquarters Air Force

A9, our official workshop sponsor– Mr. Brown, WBB Consulting for facilities

for our physical meeting 28-30 October– Mr. Cares, Alidade Incorporated for

providing SharePoint site for planning• New initiatives

– Conducting both unclassified and classified tracks so uncleared individuals can contribute to solving these national security changes

– Using wikis and these online sessions so you can guide the agenda and discussions

– Vetting recommendations to senior government leaders during workshop

• Request your active participation!• Questions?

5

Work Shop Chair’s Welcome

Dr. Mark A. GallagherSecretary, MORSDeputy Director for Resource Analysis, HQ USAF/A9R

• Thanks to the many who have and are contributing

– The MORS Board of Directors and staff– Our sponsors and facilitators– The dedicated workshop staff– All participants, particularly those online

• Many opportunities for you to contribute– Most of us are new to these cyber tools– If you have questions, please ask

• Welcome your feedback and suggestions• We appreciate and value your time and

involvement!• Questions?

6

Today’s Agenda• Welcomes• Workshop Goal and Objectives• Requirements Discussion

– Video from Dr. Henningsen– AFAMS Cyber Modeling and Simulations Requirements

• Workshop Organization• Tracks Descriptions and Plans• Discipline Groups• Physical Workshop 28-30 Oct• Audience polling• How to participate

– Wiki site for comments– Online sessions – Physical meeting (requires registration)

• Join MORS

7

Workshop Goals and Objectives• Goal: Advance the analytical foundation for evaluating and

implementing options for using, protecting, and exploiting the cyber domain for government operations, particularly national security

• Objectives – Ensure attendees understand the nature of the 2008-2010 cyber threat– Improve analytical approaches and techniques that support cyberspace

operations• Establish a comprehensive list of analysis needs for cyber• Critique present and proposed analytical approaches and techniques• Prepare recommendations to senior leaders to improve cyber analysis

– Conduct discussions between workshop participants and senior government leaders on recommendations for improving the analytical capability of cyber operations

– Write an unclassified report with classified appendices summarizing the workshop.

• Initiate new cyber analysts to the available techniques and challenges• Provide recommendations for developing improved analytical approaches for

current cyber analysts and their management

8

Workshop Report• Workshop will produce a worthwhile written report

– Makes current analysts aware of other initiatives– Brings new analysts up to current capability– Provides recommendations to senior leaders on how to proceed

• Report Content– Summarizes of background – Identifies issues– Assesses current analysis approaches– Evaluates enhancements or alternative approaches– Recommends steps to develop or implement improved analytical

approaches• Report sections on each topic and by discipline areas

– Wiki discussion will provide part of the report– Workshop recommendations and rationale are also part of the report

• Both workshop and report will have unclassified and secret portions!– Uncleared and cleared participants and attendees

9

Video from our Workshop Sponsor• Her views on the needs for

cyber analysis in this 8-minute video

• Analytical techniques with capabilities similar to operations and acquisitions in other areas

• Cyber offense is more difficult than the most challenging kinetic actions, combating terrorists

• Cyber defense is more challenging than preventing crime

• Cyber is crucial to our national security

Dr. Jacqueline R. Henningsen, SES Director for Studies and Analyses, Assessments and Lessons Learned, Headquarters U.S. Air Force

MORS Sponsor and FellowCyber Analysis Workshop Sponsor

10

Cyber Modeling and Simulation Requirements Meeting Out brief• Organizer: Air Force Agency for Modeling and

Simulation (Orlando, Florida)– Dennis Paquin is the organizer

• Dennis.Paquin@afams.af.mil• COMM (407) 208-5789, DSN 970-5789

• Met 19-21 August 2008 at Lackland AFB, San Antonio, Texas

• Collected cyber modeling requirements• Dennis Paquin will provide an unclassified

summary of their results for us• Questions?

11

Workshop Structure• Staff Functions

– Security and Facilities (Greg Ehlers)– Virtual Collaboration (Todd Hamill)– Physical Meeting (Jeff Cares)– Taxonomy (Bob Koury)– WBB Site Coordinators (Dennis Baer and Tim Hope)– Senior Leader Coordination (Greg Keethler)– Advertising: (Vacant)– Workshop Bulldog (Mark Reid)

• Matrix participation for online collaboration, virtual meetings, and physical meeting– Tracks – desire co-leads external to DoD for unclassified tracks

1) Cyber Environment and Fourth Generation Warfare (Matt Berry and Ted Bennett)2) Cyber networking for situation awareness and C2 (Pat Allen)3) Cyber vulnerabilities and protection (Bud Whiteman)4) Cyber deterrence (Pat McKenna)5) Cyber exploitation and offensive operations (Col Bob Morris, Lt Col Mike Shields)6) Humans in cyber networks (Dick Deckro)7) Cyber impacts to MORS operations (Vacant)

– Discipline Groups1) Optimization (Vacant)2) Decision Analysis (Hunter Marks)3) Simulation (Sandy Thompson)4) Computer Science (Vacant)5) Social Sciences (Vacant) 6) Others?

12

Workshop Organization

• Tracks and discipline groups collaborate online– Wikis– DCO sessions

• Physical meeting alternate track and discipline group sessions • Questions?

Fourth Generation Warfare (Bennett)

Cyber C2 (Allen)

Cyber Defense (Whiteman)

Cyber Deterrence (McKenna)

Cyber Offensive (Morris)

Humans in Cyberl Networks (Deckro)

Cyber Impacts to Business Process (Vacant)

Optimization (Vacant)

Decision Analysis (Marks)

Simulation (Thompson)

Computer Science (Vacant)

Social Sciences (Vacant)

Virtual Meetings

Multi-level Security (Ehlers)

Dis

cipl

ine

Gro

ups

Physical Meeting (Cares)

Ple

nary

Ses

sion

(G

alla

gher

)

Gov

t Sen

ior

Lead

er R

evie

w (

Kee

thle

r)

Tra

cks

Virtual Collaboration (Hamill)

Ple

nary

Ses

sion

(G

alla

gher

)

Ple

nary

Ses

sion

(G

alla

gher

)

13

Unclassified and Classified Tracks

• Cyber Environment – Fourth Generation Warfare (Matt Berry and Ted Bennett)

• Cyber Situational Awareness and Command and Control (Pat Allen)

• Cyber Vulnerabilities, Protection, and Defense (Bud Whiteman)

• Cyber Deterrence (Pat McKenna)• Cyber Exploitation and Offensive Operations

(Bob Morris)• Humans in Cyber Networks (Dick Deckro)• Cyber Impacts on Business Processes (Vacant)

Classified sessions will be limited to Secret No Forn

14

Cyber Environment – Fourth Generation Warfare Track

• Lead Vacant, Co-leads Matt Berry and Ted Bennett• Track classification will be Unclassified• Fourth Generation Warfare (4GW)

– Who are adversaries? – How do they exploit the cyber world?– How do we assess their effectiveness of 4GW cyber operations?

• Network-centric operations (NCO) are a foundation concept for the U.S. military strategy

• How effective are network-centric operations against 4GW adversaries? Is the strategy more important than the network-centric capabilities?

• Questions?

15

Cyber Situational Awareness (SA) and Command and Control (C2)Track

• Lead Pat Allen• Track will be unclassified• Definitions for cyber support to C2 and SA• Operational SWOT: strengths, weaknesses and

threats for current cyber support to C2 & SA, and for future cyber support to C2 & SA

• Analytic SWOT: Analytic techniques that are strong or weak to analyze cyber support to C2 and SA for current and future operations

• Summary of findings• Questions?

16

Cyber Vulnerabilities, Protection, and Defense Track

• Lead Bud Whiteman• Session classification will be classified• Our nation, including forces contributing to national

security, rely on cyber systems and services  – What are the vulnerabilities of these systems?  – How do we protect and defend them?  

• This track focuses on analytical methods to address these questions

• Information Operations Joint Munitions Effectiveness Manual (IO JMEM) session on accreditation process for computer network defense and attack models on Monday, 15 Sep, 1400-1600 (2 pm – 4 pm) EDT

• Questions?

17

Cyber Deterrence Track• Lead Pat McKenna• Session classification will be Unclassified• How is deterring cyber similar/different from “traditional” deterrence?

– Who is the actor (e.g., state, non-state, individual)?– Attribution vs. non-attribution vs. not attributable– Lack of precedents, red lines, and established declaratory policy

• What analytic capabilities are required?– Across academic disciplines (Social sciences, OR, etc.)

• What analytic tools exist? What are the analytic gaps?• War gaming deterring cyber issues

– Is it a valuable approach?– What has been done in the past?– What are the “best practices”?

• How do you assess actions to deter cyber?– What is the contribution of cyber defense to deterring cyber?– How are 2nd (nth) order implications represented?

• Questions?

18

Cyber Exploitation and Offensive Operations Track

• Lead Bob Morris

• Session classification will be classified

• How can the US use cyber capabilities?

• How can we plan and assess the effectiveness of these techniques?

• Questions?

19

Humans in Cyber Networks Track

• Lead Dick Deckro• Session classification will be Unclassified & Classified• Investigate how issues of human interface and networking,

both social and operationally, effects cyber operations• Initial focus will be on the effects on national strategic

computer network operations, the intelligence, training, and over all operational questions will be considered

• Finally, the existence of developing cyber cultures and societies and their effects on current and future postures will be explored

• Questions?

20

Cyber Impacts on Business Processes Track

• Lead Vacant• Session classification will be Unclassified• Cyber capabilities can greatly enhance productivity and create

vulnerabilities. Government policy makers are attempting to weigh the tradeoffs.– This workshop planned to write an unclassified report using our wiki– DoD policy prohibits their employees from posting to open sites without

a public affairs reviews that requires weeks– How can DoD effectively collaborate across federal and state

government and with academia and industry?• How can we assess the benefits of using cyber tools?• Can we evaluate the vulnerabilities and risks?• Do our techniques enable assess the ability of technical means to

mitigate risks?• Questions?

21

Discipline Groups• Discipline Groups

– Simulation (Sandy Thompson)– Decision Analysis (Hunter Marks)– Optimization (Vacant)– Computer Science (Vacant)– Social Sciences (Vacant) – Others discipline groups may be added

• Groups are based on specialties or academic background– Determine how their specialty can contribute to improving the analytical

approaches– Individuals may participate in multiple discipline groups online– Individuals will be limited to a single group during the physical meeting

• Groups get visibility and work issues across the tracks– Examine issues raised by tracks– Within limit of their security clearances– Groups provide cross-fertilization of ideas for the workshop

• Groups may write their own section of the workshop report• Questions?

22

Workshop Plan• Security Procedures and Access

– Classified wiki, DCO sessions, and physical workshop tracks are limited to individuals with secret clearances.

– Unclassified wiki, DCO sessions, and physical workshop tracks are open to anyone

– DCO Sessions apply the same approval and security procedures as physical meetings. The senior leader DCO session is an internal workshop review.

• Virtual meetings and collaboration– Opening Plenary today (26 August) with this DCO session– Each track at least one DCO during September (unclassified or secret)– Each discipline group at least one before17 October (unclassified or secret)– Summary plenary unclassified DCO session 21 October– Collaboration on going on wikis– DCO meetings will be advertised on morsnet and cyberanalysis wikis and

announced through Alidade SharePoint. • Physical Meeting: 28-30 October, Whitney, Bradley, & Brown (WBB)

Consulting, Reston, Virginia• Questions?

23

Unclassified Wiki Use• www.cyberanalysis.pbwiki.com• Login in or request an account – upper right

– Account enables preferences on frequency of email notifications• You may edit anywhere – Please add you views without deleting other views

– “View” or “Edit” tabs – top left– Select “Edit” – like a simple word processor

• Add Text, just type with format functions on top• Add horizontal bar to divide section, function on top• Under “Insert Links” – Middle of right side

– Select “Page”, highlight text to be link, click on either» Existing page that is listed on right side» “Insert a link to new page”

– Select “Insert file or image”» Browse to file, click upload, click on file name in list, file inserted in text at cursor location

– You may create as many pages as you need to isolate discussion or have a unique comment thread

• Navigating the wiki pages—the top cyberanalysis will bring you back to the frontpage

24

WBB Facilities

• The physical meeting on 28-30 Oct – WBB Consulting facilities in Reston, Virginia– Sheraton is next door

• The facilities are nice and spacious

• Almost all rooms have internet capability– Senior Leader DCO session can be projected

in the various rooms

• Questions?

25

Physical Meeting ScheduleTime Tuesday

28 Oct

Wednesday 29 Oct Thursday

30 Oct

0830-1000 Plenary Session Discipline Groups Discipline Groups

1030-1200 Tracks Tracks Tracks

1200-1300 Lunch Lunch Lunch

1300-1430 Discipline Groups Discipline Groups Government Senior Leader Online Collaboration to review workshop recommendations

1500-1630 Tracks Tracks

Evening Social Wrap-Up Brief-outs

9 Ninety-Minute Sessions: 5 for Tracks and 4 for Discipline Groups

26

Workshop Participation

• Many opportunities for you to participate in enhancing our national security

• Use the Wiki sites– Learn from the background and others– Inputs, comments, suggestions

• Watch and participate in online sessions• Register and attend the physical meeting

– Go to www.mors.org for invitation

• Questions?

27

Audience Polling• Do you think this online session was worthwhile?• Do you expect to provide inputs on the wikis? (yes or no)• Which tracks do you expect to participate through either

the wikis or online sessions? (May select multiple)• Which discipline groups do you expect to participate in

either through the wikis or online sessions? (May select multiple?

• At the physical meeting, which track do you intend to attend? (Select only one)

• For the physical meeting, which discipline group do you best align with? (select only one)

28

Join MORS• MORS has been supporting the Department of Defense

(DoD) for over 40 years– Improving analysis– Networking experts– Enhancing professional development

• MORS is expanding to national and international security– Added Department of Homeland Security as a sponsor– Initiated a dialog with NASA

• View www.mors.org for more details on the society, membership, and registration for this workshop