6. Intro to CWO Flashcards
National Security Strategy (NSS)
-Highest level of strategic planning
-Prepared by the President, his cabinet and support staff; submitted to Congress
-Legal foundation for the document is spelled out in the Goldwater-Nichols Act of 1986, which helped streamline the military chain of command.
-More policy than strategy
National Defense Strategy (NDS)
-Developed by the DOD and signed by the SecDef
-Set of overarching defense objectives that guide the DOD’s security activities and provide direction for the National Military Strategy
National Defense Strategy (NDS) – Two main goals
- To restore America’s competitive edge by blocking global rivals Russia and China from challenging the U.S. and our allies.
- To keep those rivals from throwing the current international order out of balance.
National Defense Strategy (NDS) – Three lines of effort
- Build a more lethal force
- Strengthen alliances and find new partners
- Reform the Department
National Military Strategy (NMS)
–CJCS, JCS, CCMD, and OSD prepare the NMS and deliver to SecDef
–Briefly outlines the strategic aims of the armed services by supporting the NSS and implementing the NDS
–Chief source of guidance is the NSS.
–Provides focus for military activities by defining a set of interrelated military objectives from which the service chiefs and CCMD identify desired capabilities
National Military Strategy (NMS) – Five mission areas
- Respond to threats
- Deter strategic attack (and proliferation of WMD)
- Deter conventional attack
- Assure allies and partners
- Compete below the level of armed conflict (with a military dimension)
National Military Strategy for Cyberspace Operations (NMS-CO)
The Armed Forces’ comprehensive strategic approach for using cyberspace operations to assure US military strategic superiority in the cyber domain.
Joint Publication (JP) 3–12, Cyberspace Operations
Sets forth joint doctrine to govern the activities and performance of the military in joint cyberspace operations, and provide considerations for military interaction with governmental, and non-governmental agencies, multinational forces, and other inter-organizational partners.
Air Force Doctrine Document (AFDD) 3–12
The Air Force’s foundational doctrine publication for AF ops in, through, and from the cyberspace domain.
Air Force Policy Directive (AFPD) 17–2
- Establishes Air Force policy for planning and executing Air Force and joint cyberspace operations
- States the cyberspace operations-related responsibilities of MAJCOMs
COCOM
Non-transferable command authority – Authority to perform those functions of command over assigned forces involving organizing and employing commands and forces; assigning tasks; designating objectives; and giving authoritative direction over all aspects of military operations, joint training, and logistics necessary to accomplish the missions assigned to the command.
Logistics
ADCON
The direction or exercise of authority over subordinate or other organizations with respect to administration and support.
Not a warfighting authority
OPCON
The authority to perform the functions of command over subordinate forces involving organizing and employing commands and forces, assigning tasks, designating objectives, and giving authoritative direction necessary to accomplish the mission.
Delegatable
Does not include authoritative direction for logistics or matters of administration, discipline, internal organization, or unit training.
TACON
The authority over forces that is limited to the detailed direction and control of movements and maneuvers within the operational area necessary to accomplish missions or tasks.
Small scale
Support (Command Authority)
– Aids, protects, complements, or sustains another force.
– Used when neither OPCON nor TACON is appropriate.
– SecDef specifies support relationships between CCDRs.
General Support
That support which is given to the supported force as a whole rather than to a particular subdivision thereof
Mutual Support
That support which units render each other against an enemy because of their assigned tasks, their position relative to each other and to the enemy, and their inherent capabilities
Direct Support
A mission requiring a force to support another specific force and authorizing it to answer directly to the supported force’s request for assistance
Close Support
That action of the supporting force against targets or objectives that are sufficiently near the supported force as to require detailed integration or coordination of the supporting action with the fire, movement, or other actions of the supported force.
Department of Defense Information Network (DODIN)
– Renamed from the GIG, in 2013, this is the globally interconnected, end-to-end set of information capabilities.
– Includes all owned and leased communications and computing systems and services
– Supports the DOD, national security, and related IC missions and functions
– Provides capabilities for all operating locations
Cyber Mission Force (CMF)
– Directed by USCYBERCOM to be their action arm in and through cyberspace.
– Consists of 133 Cyber Mission Teams, Joint Forces Headquarters-Cyber (JFHQ-C), and a Cyber National Mission Force.
Drove CMF Creation – DOD's 3 mission areas
- Secure, Operate, and Defend the DODIN
- Defend the Nation against cyberspace attack
- Provide CCMD support
Three lines of operations, by which the CMF carries out the three mission areas
- DODIN Operations
- Defensive Cyberspace Operations (DCO)
- Offensive Cyberspace Operations (OCO)
CMF three subordinate commands
- Cyber National Mission Force (CNMF)
- Cyber Protection Force (CPF)
- Cyber Combat Mission Force (CCMF)
CNMF / CNMF-HQ
-Direct and synchronize full spectrum cyberspace operations to, on order, deter, disrupt, and if necessary, defeat adversary cyberspace actors in order to defend the DODIN, US critical infrastructure/key resources, and the nation
-Defend the US and its interests against cyberspace attacks of significant consequence
National Mission Teams (NMTs)
– Aligned against a specific cyber threat.
– Tactical units - missions normally include defensive cyberspace operations-response actions (DCO-RA), in order to protect and defend the DODIN or other blue cyberspace, when ordered.
National Support Teams (NSTs)
Provide specialized technical, analytic, and planning support to NMTs.
Cyberspace Protection Force (CPF)
– “Largest slice of CMF pie” 68 CPTs
– Enable a supported commander’s mission capabilities and in supporting infrastructure by conducting survey, secure, protect, and recover missions to prepare local cyberspace defenders to sustain an advanced cyberspace defense posture and to defend the supported commander’s critical assets and Cyberspace Key Terrain (C-KT)
– Conduct hunt missions to determine if a suspected compromise has taken place
Joint Force Headquarters-DoDIN (JFHQ-DODIN)
– Provides unity of command and unity of effort to secure, operate, and defend the DODIN.
– Operates as a C2 headquarters
– Employs an operational-level C2 approach.
– Delegated directive authority of cyberspace operations over all DOD agencies by CDRUSSTRATCOM
Cyber Protection Teams (CPTs)
– Operate the CVA/H weapon system
– Real-time DCO
DODIN CPTs
Conduct their mission on DODIN systems and networks in support of DISA
CCMD CPTs
Assigned to specific MAJCOMs in support of the respective missions – Directed by MAJCOM they are under
National CPTs
– Fall under the Cyber Protection Force, operationally, but they report directly to CNMF-HQ.
– Operate within the AOR of CNMF, which includes U.S. critical infrastructure/key terrain (CI/KR) and national interests.
Service CPTs
Aligned to a particular military branch – support missions within that service.
Cyberspace Combat Mission Force (CCMF)
– Provide integrated cyberspace capabilities to support military operations and contingency plans.
– Where OCOs are carried out.
– Directed by JFHQ-C
JFHQ-C
– Supports the geographic and functional CCMDs across the globe
– Execute OPCON over the Combat Mission Teams (CMTs) and Combat Support Teams (CSTs)
– Led by dual-hatted service cyberspace component commanders
Army Cyber Command (ARCYBER)
-U.S. Central Command (USCENTCOM)
-U.S. Africa Command (USAFRICOM)
-U.S. Northern Command (USNORTHCOM)
U.S. Fleet Cyber Command (FLTCYBER)
-U.S. Indo-Pacific Command (USINDOPACOM)
-U.S. Southern Command (USSOUTHCOM)
Marine Corps Forces Cyberspace Command (MARFORCYBER)
-U.S. Special Operations Command (USSOCOM)
Air Forces Cyber (AFCYBER)
-U.S. European Command (USEUCOM)
-U.S. Strategic Command (USSTRATCOM)
-U.S. Transportation Command (USTRANSCOM)
Combat Mission Teams (CMTs)
– 27 CMTs within the CMF
– Designated by the USCYBERCOM commander and operate at the tactical level of authority
– Comprised of dedicated interactive operators, analysts, targeteers, analyst reporters, linguists, and leadership.
– Conduct planned operations in support of CCMD contingency plans, crisis action plans, or other CCMD validated requirements for cyberspace effect
Combat Support Teams (CSTs)
– Comprised of capability developers, OCO analysts and planners, and DCO analysts and DCO mitigation planners.
– Develop and employ offensive cyberspace capabilities to achieve, or directly support the achievement of CCMD objectives while being integrated, synchronized and/or de-conflicted with operations in other domains
Defend the Nation Against Cyberspace Attack (CMF Mission Area)
– If directed by the president or the SecDef, the US military may conduct cyberspace operations to counter an imminent or on-going attack against the US homeland or interests in cyberspace
– To blunt attack and prevent damage to key infrastructure or loss of life.
Secure, Operate, and Defend the DODIN (CMF Mission Area)
– Be able to secure its own networks against attack and recover quickly if security measures fail
– Prepare and be ready to operate in an environment where access to cyberspace is contested
Provide CCMD Support (CMF Mission Area)
– OCOs in support of CCMDs, directed by the President or SecDef, to deter or defeat strategic threats in other domains
DODIN Ops
– Proactive manner
– Designing, building, configuring, securing, operating, maintaining, and sustaining the information environment that we rely on for operations
DCO
– Passive and active cyberspace defense activities
– Designed to change current paradigm where attackers have advantage
– Ability to discover, detect, analyze, and mitigate threats, to include insider threats
OCO
Project power by the application of force in and through cyberspace. These operations are authorized like operations in the physical domains.
Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM)
– Hunting on friendly cyber terrain for threats that evade our security and directing appropriate internal responses.
– Detect, defend, analyze, and stop threats and vulnerabilities.
Defensive Cyberspace Operations-Responsive Actions (DCO-RA)
– More about going after the threat, less about defending.
– Can operate in redspace: "best defense is a good offense"; stop them before they get to us
– NMTs are the sole entity that conducts DCO-RAs
Cyber Operational Preparation of the Environment (OPE)
– Non-intelligence enabling activities conducted to plan and prepare for follow-up cyber actions
– Testing a way into the box, pre-staging tools, creating/modifying accounts, setting up beacons, and much more
Cyber Intelligence, Surveillance, and Reconnaissance (ISR)
Focuses on tactical and operational intelligence and on mapping adversary cyberspace to support planning and future OCO/DCO
Information Operations (IO)
Intended to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own.
3 Dimensions
- Physical
- Information
- Cognitive
Physical Dimension (IO)
– Control systems, key decision makers, and supporting infrastructure that enable individuals and organizations to create effects.
– Includes, but is not limited to, people, command and control facilities, newspapers, books, microwave towers, laptops, smart phones, computers, or any other objects that are subject to empirical measurement
– Not confined solely to military or even nation-based systems and processes; it is a diffused network connected across national, economic, and geographical boundaries.
Information Dimension (IO)
– Where and how information is collected, processed, stored, disseminated, and protected
– Command and control of military forces is exercised and where the commander’s intent is conveyed
Cognitive Dimension (IO)
– Minds of those who transmit, receive, and respond to or act on information and their processing, perception and judgement.
– Influenced by their individual and cultural beliefs, norms, vulnerabilities, motivations, emotions, experiences, morals, education, mental health, identities, and ideologies
Information Assurance (IA)
– Process of processing, storing, and transmitting the right information to the right people at the right time
Wing Cybersecurity Office (WCO)
Addresses all cybersecurity requirements on the base for IT under the control of the base communications squadron/flight, including IT of tenant units unless formal agreements exist
Information Assurance Officer (IAO)
Unit-level position that acts as the single liaison between the organization and the WCO for all Computer Security (COMPUSEC) matters under the IA program
Special Security Officer (SSO)
– Security management, operation, implementation, use and dissemination of all types of SCI material within their respective organization, including development of classification guides and markings
– Personnel security, communications security, physical security, information security, and/or computer security
Information System/COMSEC Users
Responsible for knowing the required safeguards, and using them in accordance with their assigned duties
OPSEC Process
- Identification of Critical Information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risk
- Application of appropriate OPSEC countermeasures
16th Air Force (AFCYBER)
Integrates multisource intelligence, surveillance, and reconnaissance, cyber warfare, electronic warfare, and information operations capabilities across the conflict continuum to ensure that our Air Force is fast, lethal and fully integrated in both competition and in war. Sixteenth Air Force provides mission integration of Information Warfare (IW) at operational and tactical levels… recognizing the role of information in creating dilemmas for adversaries in competition and, if necessary, future conflicts.
616th Operations Center (616 OC)
Receives orders and tasks from U.S. Cyber Command and, in turn, tasks 16th AF subordinate units to perform a wide range of cyber missions in support of Air Force and joint force commanders
– C3MS Weapon System
67th Cyberspace Wing (67 CW)
Lackland
Mission: Delivering cyberspace outcomes to generate a decisive advantage across the continuum of conflict for the Nation
Execution arm for generating, projecting, and sustaining combat power with the employment of the Cyberspace Vulnerability Assessment/Hunter (CVA/H) weapon system
The 67 CW consists of the following four groups:
(1) 67th Cyberspace Operations Group (67 COG)
(2) 318th Cyberspace Operations Group (318 COG)
(3) 567th Cyberspace Operations Group (567 COG)
(4) 867th Cyberspace Operations Group (867 COG)
67th Cyberspace Operations Group (67 COG)
Lackland
The 67 COG has five active squadrons:
(1) 91st Cyberspace Operations Squadron (91 COS)
(2) 305th Cyberspace Operations Squadron (305 COS)
(3) 352nd Cyberspace Operations Squadron (352 COS)
(4) 375th Cyberspace Operations Squadron (375 COS)
(5) 390th Cyberspace Operations Squadron (390 COS)
Mission is to provide forces to conduct Air Force computer network operations for United States Strategic Command, United States Cyber Command and other combatant commands. The group conducts computer network operations and warfare planning for the Air Force, joint task forces and combatant commanders. The group also conducts Secretary of Defense-directed special network warfare missions.
91 COS
Lackland
Mission: Conducts offensive cyber operations tasked by USCYBERCOM in support of world-wide Combatant Commander objectives. Executes computer network exploitation as a National Security Agency delegated authority to address intelligence community requirements. Degrades, disrupts, denies, deceives and exploits adversary information systems. Presents trained forces to USCYBERCOM as part of the CMF.
305 COS
Ft. Gordon
Mission: Conducts offensive cyberspace operations in support of Combatant Commands
352 COS
Hickam
Mission: Generate, conduct, and sustain offensive cyberspace operations.
375 COS
Lackland
Mission: Conduct offensive cyberspace and ISR operations in support of Combatant Command objectives
390 COS
Lackland
Mission: Generate mission-ready offensive cyber maneuver forces for USCYBERCOM and build cyber tacticians for our Service, Joint Force, and Nation.
318th Cyberspace Operations Group (318 COG)
Lackland
Innovate, Partner & Deliver combat capability in, through, and from cyberspace through the development, testing, training and exercising of material and non-material solutions
The 318 COG consists of four squadrons:
(1) 39 Information Operations Squadron (39 IOS)
(2) 90 Cyberspace Operations Squadron (90 COS)
(3) 318 Range Squadron (318 RANS)
(4) 346 Test Squadron (346 TS)
39 IOS
Hurlburt
Mission: To conduct qualification and advanced training to provide mission-ready information operations planners and cyber warfare operators for all Air Force Major Commands.
90 COS
Lackland
Mission: Accelerate Global Vigilance, Reach and Power by rapidly developing joint cyber capabilities.
The 90 COS expeditiously integrates, innovates, and deploys cyberspace capabilities to achieve priority military objectives in and through air, space, and cyberspace.
318 RANS
Lackland
Operate training and exercise ranges
346 TS
Lackland
Mission: Execute mission relevant, responsive, and rigorous validation of Department of Defense Cyber-Warfare, Electronic-Warfare (EW), and Information-Warfare (IW) capabilities.
567 COG
Scott
Plans and executes cyberspace operations to assist supported commanders to fight in contested cyberspace environments
The 567 COG consists of four squadrons:
(1) 92nd Cyberspace Operations Squadron (92 COS)
(2) 834th Cyberspace Operations Squadron (834 COS)
(3) 835th Cyberspace Operations Squadron (835 COS)
(4) 837th Cyberspace Operations Squadron (837 COS)
92 COS
Lackland
Mission: To assure Air Force and DoD mission performance by employing CPTs and performing cyberspace vulnerability assessments (CVAs) and COMSEC assessments.
834 COS
Lackland
Mission: To Employ and Exploit the unique advantages of Cyber Protection Teams in the Defense of AF and DoD Critical mission areas.
835 COS
Scott
Mission: To protect critical Air Force and Department of Defense infrastructure and mission systems
837 COS
Scott
Mission: Maintain combat superiority by dominating in cyberspace
867th Cyberspace Operations Group (867 COG)
Meade
Offensive Cyberspace Operations (OCOs) and providing defensive capabilities to the CNMF.
The 867 COG consists of four squadrons:
(1) 315th Cyberspace Operations Squadron (315 COS)
(2) 341st Cyberspace Operations Squadron (341 COS)
(3) 833d Cyberspace Operations Squadron (833 COS)
(4) 836th Cyberspace Operations Squadron (836 COS)
315 COS
Meade
Mission: Find the enemy, exploit weaknesses, attack!
341 COS
Meade
Mission: Train and deliver operationally focused Airmen to the Cyber National Mission Force (CNMF) in defense of the nation.
833 COS
Lackland
Mission: To present, plan, and execute cyberspace operations in order to defend national information networks against cyber threats
836 COS
Lackland
Mission: To present, plan, and execute cyberspace operations in order to defend national information networks against cyber threats
688th Cyberspace Wing (688 CW)
Lackland
Mission: Engineer, build, operate, secure, defend and extend the Air Force cyberspace domain to enable and assure Air Force core missions and the Joint fight.
The 688 CW consists of four notable groups, of which, we will only discuss two:
(1) 26 Cyberspace Operations Group (26 COG)
(2) 690 Cyberspace Operations Group (690 COG)
26th Cyberspace Operations Group (26 COG)
Lackland
Performs cyberspace and active-defense operations to achieve full-spectrum cyberspace capabilities through its three squadrons.
The three squadrons that fall under the 26 COG:
(1) 26th Network Operations Squadron (26 NOS)
(2) 33d Network Warfare Squadron (33 NWS)
(3) 68th Network Warfare Squadron (68 NWS)
26 NOS
Maxwell
33 NWS
Lackland
AFNOC
Mission: Find and defeat the enemy.
68 NWS
Lackland
Mission: Detect, prevent and assess risk of data content loss in Air Force networks.
CDA weapon system
7th Intelligence Squadron
Meade
Conduct red-team operations, DCO, or cyber intelligence operations in support of the National Security Agency
35th Intelligence Squadron
Lackland
Mission: Conduct ISR operations & analysis from and for cyberspace, leveraging cryptologic capabilities to enable USAF and joint operations.
Title 10 - Armed Forces
Subtitle A - General Military Law, including the Uniform Code of Military Justice (UCMJ)
Subtitle B - Army
Subtitle C - Navy and Marine Corps
Subtitle D - Air Force and Space Force
Subtitle E - Reserve Components
Title 15 - Commerce & Trade
Chapter 7 - National Institute of Standards and Technology (NIST)
Chapter 22 - Trademarks
Chapter 23 - Dissemination of Technical, Scientific, and Engineering Information
Chapter 63 - Technology Innovation
Chapter 100 - Cyber Security Research and Development
Title 17 - Copyright
Chapter 2 - Copyright Ownership and Transfer
Chapter 3 - Duration of Copyright
Chapter 5 - Copyright Infringement and Remedies
Chapter 7 - Copyright Office
Chapter 10 - Digital Audio Recording Devices and Media
Title 18
Crimes and Criminal Procedure
Title 18 §1030
Computer Fraud
Title 18 §1343
Wire fraud
Title 18 §1362
Communication lines
Title 18 §2510-2522
Federal wiretap
Title 18 §2701–2712
Stored Communications
Title 32
National Guard
Title 50
War and National Defense
UCMJ
Article 2 - Persons subject to the UCMJ
Article 91 - Insubordinate conduct toward warrant officer, noncommissioned officer, or petty officer
Article 92 - Failure to obey order or regulation
Article 103a - Espionage
Article 103b - Aiding the enemy
Article 123 - Offenses concerning Government computers
Article 134 - General Article
The Convention on Cybercrime (2001)
Budapest
First international agreement aimed at reducing computer-related crime by harmonizing national laws, improving investigative techniques, and increasing international cooperation
2015 G-20 Summit
Ankara, Turkey
All leaders agreed that international law applies to us all in cyberspace and that we will all abide by the norms. We also would not allow cyberspace to be used to steal IP.
United Nations Convention against Transnational Organized Crime
AKA Palermo Convention
Obligates state parties to enact domestic criminal offenses that target organized criminal groups and to adopt new frameworks for extradition, mutual legal assistance, and law enforcement cooperation