Effective Synchronization and Integration of Effects Through Cyberspace for the Joint Warfighter 14 AUG 12 BG George J Franz III Director of Current Operations United States Cyber Command UNCLASSIFIED Approved For Public Release 1 Agenda • Joint Operations • Joint Cyberspace Doctrine – Joint Warfighting Functions – Cyberspace Domain • Command and Control C2 – Transitional C2 Model • Planning to Execution • Considerations Thoughts 2 Joint Operations • “Joint operations doctrine is built on a sound base of warfighting philosophy theory and practical experience ” - JP 3-0 • United States Cyber Command USCYBERCOM plans and executes operations in support of military objectives and in so doing adheres to applicable Joint Doctrine Execute Orders and Presidential Directives ” - Commander USCYBERCOM Insights • Effects must be synchronized to support the joint force commander’s tactical objectives operational goals and strategic endstate • Cyber Support Elements integrated into the supported Joint Forces Components planning and execution Battle Rhythm • “Acts as staff advisor to the Director of Operations” • Clear agreement as to the effects desired CERF and how they are delivered JCSR 3 Ultimate Operational Goal The ultimate goal of Situational Awareness SA and Indications and Warning I W is to maintain strategic and tactical understanding of the military cyberspace domain that informs operational risk decision supports current actions and does not interfere with ongoing operations Goal is reached by holistically examining five factors 1 2 3 4 5 Current and near-future threat environment Identified global threat and significant anomalous activity Vulnerabilities of Department of Defense DoD systems and the underlying infrastructure Prioritized key cyber terrain that allows understanding of operational and technical risk to DoD operations and networks Current operational readiness and capability of cyber forces and sensors 4 Joint Cyberspace Doctrine Joint Warfighting Function Cyber Command Objectives Authorities Cyber Effects Request Format CERF Planning Planning Warfighting Function Warfighting Function Cyber Domain Execution Command and Control Intelligence Maneuver Fires Force Protection Logistics Execution Available Forces • Sensors • Friendly Cyber Defense Forces • Firing Units • Operational Picture Integration and synchronization of cyberspace effects must occur when planning execution and warfighting functions intersect with the cyber domain 5 Joint Cyberspace Doctrine Joint Cyberspace Domain People Cyber Identity Information Layer Physical Infrastructure Geographic Layer 6 Key Terrain • Key Terrain – Any locality or area the seizure or retention of which affords a marked advantage to either combatant JP 1-02 • What does this mean in the cyber domain – Key terrain applies to those physical and logical elements of the domain that enable mission essential warfighting functions – Key terrain is temporal It changes with the mission and adversary In the absence of either these elements may be critical infrastructure or a key resource but not key terrain – Key terrain can be decomposed into personal logical informational and physical layers – Key terrain is applicable across the strategic operational and tactical levels of war – Key terrain may be fiber optic cable satellite communication SATCOM uplink downlink subnets databases with usernames and passwords even technicians themselves 7 Joint Cyberspace Domain Battle executed in minutes or seconds Response must be immediate or mission failure similar response for accident Attribution not required for a successful response Retaliation is not a condition of successful defense Crippling strategic effects if defensive preps are inadequate Preparations access development take years effects take moments Threats are inherently global and cross theaters Effects are globally dispersed and 2nd 3rd order effects may not be predictable Challengers have the advantage The architecture of the networks significantly give the aggressor the advantage 8 Command and Control United States Cyber Command USCYBERCOM USCYBERCOM is US Strategic Command’s USSTRATCOM execution arm for cyberspace operations and directs offensive cyberspace operations USCYBERCOM is directed by USSTRATCOM as the focal point for military cyberspace operations and is delegated Operational Control OPCON or Tactical Control TACON of designated forces Joint Operations Center JOC USCYBERCOM JOC coordinates synchronizes and directs operations to include a health and status of networks b vulnerabilities and detected adversary activity c priority event related tipping and cuing d dissemination of orders e adjusting countermeasures f interface with external organizations agencies Joint Cyber Center JCC Functions as the nexus for the Combatant Command cyberspace enterprise The JCC supported by USCYBERCOM serves as the staff component for planning and oversight of Combatant Command Defensive Cyber Operations DCO DoD Global Information Grid Operations DGO and Offensive Cyber Operations OCO CDRUSCYBERCOM deconflicts fires delivered in and through cyberspace 9 Transitional C2 Model Joint Task Force CSE USCYBERCOM JOC CCMD JCC CSE Joint Forces Air Cyber Commands CSE Air Integration Joint Forces Land Cyber Commands Joint Task Force CSE Joint Task Force CSE CSE Land Integration Joint Forces Maritime Cyber Centers CSE Sea Integration Joint Forces Space Operations Center CSE Spec Integration Cyber Support Elements CSE Organized from USCYBERCOM forces and stationed with Combatant Commanders CCDR for full integration with their staff Provide subject matter experts for cyberspace operations planning and other related functions Includes a forward-deployed element of USCYBERCOM or service cyber component personnel temporarily augmenting the CSE in CCDR designated locations during an operation 10 USCC Workflow for Integrated Priorities JIPCL Joint Integrated Prioritized Collection List JIPL Joint Integrated Priority List JPG Joint Planning Groups J5 OPTs Operations Planning Teams CMWG Collection Management Working Group JCMB Joint Collection Management Board MMC Mission Management Cell PWG Priorities Working Group Command Priorities J3 OPTs Operational Requirements Weaponeering J2 Intel J5 JPGs CMWG J2 Planning Requirements JCPCWG Joint Cyber Planning and Coordination Working Group CRIB Cyber Reqs and Investment Board Intelligence Requirements JIPCL PWG MMC JCMB J2 J3 Co Chair Unfunded Capability Reqs J8 CRIB CDR Approval JIPL JCPCWG MMC NSA CRC Established Battle Rhythm • CMWG – Wed 1000 • PWG – Thur 0900 • JCMB – Monthly SCC 11 • Cyber Effects Request Format CERF Process initiates cyber effects planning across all lines of operation LOOs • Links the desired effect with the tactical objective operational goal and strategic endstate • Records Tracks and Manages requests from the supported Joint Forces Command JFC • 24 7 subsequently assigned in accordance with time horizon and function • Facilitates dialogue Direct Line of Authority and transparency throughout the process • Prioritizes requests and support through the MMC reflects supported JFC prioritization 12 Collection – Analytical Drilldown Requirements Development Knowledge Understanding Critical Details Intelligence Requirement Information Requirement Indicators Specific Information Requirements Collaborative Steps and Processes Step 1 Intelligence Priorities Step 2 Intelligence Gaps What do we need to focus on the most What do we need to know the most What are the important indicators Where does the information reside How do we obtain answers J2 J3 J5 Establish intelligence priorities and focus areas J2 Identify critical intelligence gaps J2 Break down problem down to finest points J2 Identify Priority intelligence needs J2 Develop execute assess collection plans Step 3 EEIs ”Drill Down” Step 4 Collection Priorities Step 5 Strategies Assessments We would like to eventually incorporate Specific Information Requirements SIRs and Specific Observable Requirements SORs Observables or Collectables 13 Planning to Execution Conceptual Functional •Guidance and Intent •Goals Objectives •Courses of Action Problem Framing ISR Intelligence Surveillance Reconnaissance COA DEV OPORD Operational Orders Detailed •C2 •Intel •Fires •Maneuver •Log •Force Protection COA Wargame Comparison Decision ITO Integrated Tasking Orders • Intel Collection Plan • ISR Forces Sensors • OPORD Plan • ITOs • Scheme of maneuver • Fire support Plan • Joint Targeting Cycle Orders DEV COA Courses of Actions Transition DEV Development 14 Targeting Process TDNL Joint Integrated Priority List JIPL TARGET DEVELOPMENT NOMINATION OPR Submitting Agency Reviewer J2T OPR J2T Reviewer J2 TARGET DEVELOPMENT Intermediate TARGET DEVELOPMENT BASIC OPR J2T w J22 OPR OPR MIDB J2T J2T Reviewer Reviewer Observer J3 JFE J2 J2 OPR Reviewer J3 OPR J3 JFE Reviewer J3 JTCB VALIDATION Reviewer OPR J-3 Supported JFC JCM Cell TARGET VETTING OPR Supported JFC JTWG JTCB Reviewer CJTF Observer CDRUSCYBERCOM TARGET OPR DJ3 CUOPS VALIDATION TARGET VETTING Reviewer J3 OPR J2T Reviewer IC and Supported JFC TCWG J21 JTECB Observer JPG OPT TARGET DEVELOPMENT Advanced Reviewer OPR Submitting Organization INTERNAL TGT REVIEW OPR J3 JFE J2T J3 JFE TRFI Observer CTL Observer J3 JFE RTL RTL RTL RTL JTL JTL JTL JTL NSL NSL NSL NSL OPR J-3 Supported JFC Reviewer CJTF Cyber Fires Observer J3 JFE JIPTL Reviewer IC as required TNL 15 Targeting Cycle In Support of a Joint Force Commander CCMD Strategic Plans Guidance Team CSE CCMD Orders Assessment Recommendations Assessment Teams 1 End State and CDR’s Obj J358 USCYBERCOM JPGs OPTs Assessment MISREPs BDA 6 MOE CCMDs’ Execute MISREPs BDA MOP USCYBERCOM SYNCH’d Execution USCYBERCOM Orders J33 JOC 2 JFE J2T Target Development Capability Analysis and Prioritization JTECB Approved Strike Package CCMD JIPTL USCYBERCOM JIPTL Mission Planning and Force Execution 5 CCMDs’ ITO SPINS USCYBERCOM ITO SPINS USCYBERCOM MCAP CDR’s Decision 4 and Force Assignment ITO Production Team Joint Targeting Coordination Board 3 Capabilities Analysis CCMDs’ MAAPs 16 Cyber Support Package • Strike package consists of – Required items • Contingency Operations Tab-E • Intel Gain Loss Assessment National Security Agency lead-Combined Military Planning and Access Strategies CoMPAS • Political Military Assessment Defense Intelligence Agency lead • Operational Law Review USCYBERCOM Staff Judge Advocate SJA • Collateral Effects Estimation USCYBERCOM J3F Fires • Blowback Assessment USCYBERCOM J34 Counter Measures • Under exigent circumstances only these items are required – Collateral Effects Estimate USCYBERCOM Combined J3F Fires – Operational Law Review USCYBERCOM SJA 17 Joint Cyber Strike Request • Types of Fires – Scheduled • Planned targets against which cyber fires or other actions are scheduled for prosecution at a specific time – On-Call • Planned targets against which cyber fires or other actions are determined using deliberate targeting and are prosecuted based on a predetermined trigger JCSR vs CERF JCSR – Sets the timing and tempo to integrate cyber effects fires with the supported Joint Force Commander’s operation CERF – Ensures desired effects meet the Combatant Commanders objectives 18 Cyber Domain Essentials • • • • Cyberspace is a Contested Domain Cyber is Commander’s Business DoD Networks are a Warfighting Platform Unity of Effort and Unity of Command is Essential for Seamless Operations – Cyber Operations Must be Synchronized and De-conflicted Globally and Regionally • Cyberspace Forces are High Demand Low Density • Highly trained people are the centerpiece of cyberspace operations 19 Censideratigns hgughts 2