ebook img

DTIC ADA577085: Citizen Soldiers Ready to Defend Cyberspace PDF

0.22 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview DTIC ADA577085: Citizen Soldiers Ready to Defend Cyberspace

By MAJ Aaron Munn and John Galeotos Access The National Guard is in each state and territory Human capital and ingenuity have been and still as well as The District of Columbia. It is this access are one of our nation’s most precious assets. We are a at the local levels that enables the National Guard to nation of leaders, scientists, technological innovators, execute cyber missions where other agencies have dif- and corporate visionaries with diverse backgrounds ficulty. This distribution of forces has obvious advan- and beliefs; and nowhere in the military is this diver- tages for domestic response options and by defending sity so embraced as it is in the ranks of the National networks at a local level the nation’s cybersecurity Guard. A Citizen Soldier not posture is bolstered. Addi- only brings to the fight the tionally, the citizen-Soldier same high levels of integrity, works in the cities and towns loyalty, professionalism, and where private industry, duty as their active duty coun- corporations, and local, state terparts but, they also cultivate organizations will also ben- a diverse spectrum of civilian efit from there training and skills and experience that he expertise. or she provides during drills or National Guard lead- deployments. ers have developed strong In today’s modern society, relationships with state the additional skills that the cit- emergency response entities izen Soldier brings to the table that provide assistance in the along with their military occu- event of crisis situations in pational specialty training are the physical world; and it is becoming increasingly techni- those relationships that are cal in nature. It is not at all un- being leveraged to increase common to find a Guardsman, the Guard’s capability to as- who as a civilian, works for an sist local first responders in intelligence agency or information technology contrac- the event of a crisis within the notional world we call tor, a computer manufacturing cyberspace. or software programming corporation, or These relationships as a matter of public safety work in another related high tech field. and national security must be shaped and formed to The Guard appeals to this patriot; they are lead- develop cyber incident response plans and contingen- ers in their professional life with successful jobs or cies because, as abstract of an idea cyberspace is, it businesses, but they also want to serve our nation to touches nearly every part of our daily lives. feel a sense of pride in performing their duty and the Currently, these relationships between the Na- esprit de corps that comes from serving with other tional Guard and their state and Local governments noble men and women. are being drafted, refined, and socialized to expand Those in the National Guard are prepared and the individual efforts into a national capability. These trained to defend our nation for domestic and over- efforts identify policies, authorities, roles, and respon- seas contingencies. These ready and adaptable forces sibilities for National Guard cyber-capable forces to present additional capacity and capability that must prevent or recover from possible catastrophic effects be leveraged for defending Department of Defense, of a cyber-attack. As state National Guard units es- as well as federal and state government networks. tablish integrated cyber incident response plans with In many cases the Guard is already part of the cyber their local authorities, our cybersecurity as a nation fight through “Access,” “Capability,” and “Experi- grows. ence” to operate in this evolving environment. The National Guard also has its’ federal relation 34 Fall - 2012 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 3. DATES COVERED 2012 2. REPORT TYPE 00-00-2012 to 00-00-2012 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER Citizen Soldiers ready to defend cyberspace 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION U.S. Army Signal Center of Excellence,Army Communicator,Signal REPORT NUMBER Towers (Building 29808), Room 713,Fort Gordon,GA,30905-5301 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S) 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF 18. NUMBER 19a. NAME OF ABSTRACT OF PAGES RESPONSIBLE PERSON a. REPORT b. ABSTRACT c. THIS PAGE Same as 3 unclassified unclassified unclassified Report (SAR) Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 ships with Department of Defense. The National This training consisted of familiarization with Guard’s relationships with both state and federal or- the Army National Guard’s cyber simulation envi- ganizations provide unique opportunities to facilitate ronment, providing operator level familiarization as cyber incident response options that can be leveraged well as high level system architecture exposure to for local and national requirements. Ultimately, the understand how the flexibility of simulation platform National Guard’s access within state, federal, and could be adapted to various training requirements. Department of Defense organizations can provide In Virginia, the two units conducted a cyber exercise an integrating function for our nation’s cybersecu- where they focused on detecting threat traffic and rity efforts and provide value to the advancement of implement mitigation techniques. a cyber-common operating picture shared between The exercise scenarios ranged from denial of ser- state and federal entities. vice attacks to various different means of data exfiltra- tion to attacks against email and other critical system Capability services. Multiple scenarios were run against the team The Guard currently has cyber forces conduct- often simultaneously. The next part of this exchange ing both defensive and offensive cyber operations in will take place in the United Kingdom. The Virginia Title 10 USC and Title 32 USC status. These forces are DPU will travel to the United Kingdom sometime in generated from a mix of Signal, Military Intelligence, early Fall 2012 and conduct a reciprocal event. Information Operations, Electronic Warfare units, as Even though many of the questions that compli- well as Air National Guard Cyber units. The ele- cate the military’s role in the defense of cyberspace ments range in size from squad to company size, so are still to be answered, the Guard continues to make capabilities can vary dramatically per command. progress and grow capability in spite of the numerous In addition to these domestic and federal capabili- difficulties presented by outdated public policy and ties, the National Guard has international partner- laws that create legal gray areas. The Guard’s unique ships. The State Partnership Program matches indi- command structure enables its forces to individually vidual state National Guards with sister nations to address how they will respond to new cyberspace promote long term, enduring and mutually beneficial operations missions. The flexibility is evident in the security relationships with friendly and allied nations diverse organizational structures that currently exist around the globe. within the Guard in response to this problem set. The National Guard SPP provides forces to the Combatant Commands that encourage international Experience cooperation and understanding, develop enduring Some of America’s most significant scientific relationships, and build mutual capacity to tackle the advances, innovations, trade secrets, formulas and world’s toughest challenges – to include cyber. The algorithms exist simply as data stored and processed U. S. European Command has the most mature cyber on our nation’s networks. How do we protect these SPP with eight of its twenty-two SPPs actively in- incredibly valuable intellectual assets; especially with volved in cyber engagements with their sister nations. the difficult and complex landscape we call cyber? As The National Guard states involved are Alabama, it has been since the birth of our nation, the National California, Colorado, Connecticut, Indiana, Maryland, Guard stands ready to answer this call. Michigan, Minnesota, North Carolina, Nebraska, New It is important to understand the focus of the Jersey, Ohio, Pennsylvania, New Jersey, Tennessee, National Guard’s efforts when we discuss cyber mis- Virginia and Vermont have all conducted exchanges sions. The National Guard supports both domestic with their partner nations. and federal missions. This dual-use function is the es- Recently, the Virginia Army National Guard’s sence of what defines the “Guard” and distinguishes Data Processing Unit, a cyber-capable unit located its ability and access to support cyber defense and in Fairfax, Virginia, and the United Kingdoms’ Land response to defend the homeland. When a hurricane Information Assurance Group, demonstrated a model or wildfire threatens the citizens of a state, the expe- for an effective first-of-its-kind cyber exchange. This rience is something very tangible, frightening, and exchange enabled each participant to learn how the occasionally tragic. In these situations, the citizens of other addressed cyber defense and to train together our great nation welcome the assistance and protec- in an environment where the gaps could be identified tion of the National Guard, in fact they assume the and bridges built; both technical and policy in nature. Guard will be there and ready to respond. For over The exchange was conducted in two phases. In 327 years, the “Minutemen” have been there. the first phase, the United Kingdom and National The cyber threat is subtle and insidious. It’s not Guard Soldiers attended training on Camp Robinson, an enemy trail you can easily observe with your eyes. Arkansas at the Army National Guard’s Professional Education Center, and then ended their engagement (Continued on page 36) in Virginia. Army Communicator 35 “We will work with all the key players - including state and local governments and the private sector - to ensure an organized and unified response to future cyber incidents. Given the enormous damage that can be caused by even a single cyber attack, ad hoc responses will not do. Nor is it sufficient to simply strengthen our defenses after incidents or attacks occur.” - President Barack Obama - May 29, 2009 (Continued from page 35) plexities of operations in cyber- curity, works for CACI International space. Beyond what types of cyber Inc. as a cyber subject matter expert. It is not a rolling grey plume of units are needed to fight the fight, He is also a CW2 251A in the Dis- dust devouring our cities. It is a recruiting, training, and retaining trict of Columbia National Guard as difficult problem set that requires a the highly skilled workforce need- a CND-team chief. He has worked for different approach from responses ed in order to conduct cyberspace the Wyoming Army National Guard, to physical events like earthquakes operations is daunting. Cyber can White House Communication Agency, or fires. The recovery from a be considered a specialized craft Department of Commerce, and cur- large scale cyber attack is not as and in order to grow cyber capabil- rently at the National Guard Bureau straight forward as a truck loaded ity and capacity, it will require in- in Information Management Gover- with supplies after a hurricane or novation in many ways to include nance on the ARNG Cyber Working a plane filled with fire retardant retention. Arguably, the cyber Group. to engage a wildfire. None-the- profession may need to be treated less the response to a major cyber like Aviators and pilots, doctors, MAJ Aaron Munn is currently attack is a mission that we must or Special Forces operators: highly serving as Army National Guard’s support because it is vital to the specialized and in high demand. cyber operations project officer. His security of our nation. These professions have tailored military background and qualifica- In President Obamas’ speech programs providing mechanisms tions include information operations, on cybersecurity, May 29, 2009, he to improve overall retention; cyber public affairs, Signal, and air defense. states “We will work with all the may and perhaps should have the MAJ Munn has served in the Army key players -- including state and same approach and philosophy. National Guard for over 20 years with local governments and the private The Guard is where these assignments in three states and three sector -- to ensure an organized forces are needed. For over three mobilizations. His civilian experi- and unified response to future centuries the Guard has favored ence includes high tech investigations, cyber incidents. Given the enor- its civilian nature in peace and information security, and network mous damage that can be caused donned the fierce aspect required administrator. He is a Certified Infor- by even a single cyber attack, ad during times of war. mation Systems Security Professional, hoc responses will not do. Nor is it Microsoft Certified Systems Engineer, sufficient to simply strengthen our John Galeotos, CISSP, CCNA Se- and A+ Certified Technician. defenses after incidents or attacks occur.” The Guard has the experience needed to accomplish this mission. ACRONYM QuickScan The Guard is already there. DPU – Data Processing Unit Summary USC – United States Code There are many challenges SPP – State Partnership Program ahead of us as we address the com- 36 Fall - 2012

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.