
1 Col Kevin Wooton, Commander, 31 May 2011
67th Network Warfare Wing: The Air Force's Cyber Ops Wing
Overall Classification: UNCLASSIFIED

Good morning/afternoon ___________, other distinguished visitors and wing leadership. I'm ______________ and I will be providing this morning's/afternoon's mission briefing.

2 Where we are… where we're going
Left photo: the famous 1929 refueling operation dubbed "Question Mark", in which a Fokker C-2A was refueled in flight by two modified Douglas C-1 transport aircraft.

Background: General Eaker's rescue attempt of the German Junkers airplane, the "Bremen", off Greenly Island near Labrador in April 1928 led him to undertake the famous "Question Mark" flight. The "Bremen" adventure had taxed the fuel capacities of the airplanes, leaving Eaker and his cohorts on the trip (Lieutenant Elwood R. Quesada and General James E. Fechet) to speculate on the feasibility of in-flight refueling. Eaker brought this idea to fruition when he organized the "Question Mark" endurance flight in January 1929: he secured the approval of the Chief of the Air Corps, worked out air refueling procedures, and selected the planes and crews. At Eaker's request, Major Carl Spaatz served as the project commander while Eaker was designated the chief pilot. The "Question Mark" flight, which stayed in the air over southern California for 150 hours, 40 minutes and 15 seconds (a world record), proved that in-flight refueling could extend the range of airplanes by several thousand miles.

Everyone on the same sheet of music
Put the focus on operations
Something the Joint warfighter will understand
Demonstrate 24 AF has a holistic view of cyber—no one else does
Cyber today is where Airpower was in the 1930s…

3 Operations Of and On the Net
67 NWW Focus: conducting the full range of Network Warfare
Mission areas: Network Operations (Establish), Net Defense (Control), Full Spectrum (Use)
Operate, Defend, Attack: operations of and on the net

We are currently working on a network kill chain focused on a tight OODA loop. To integrate and synergize this process, the Wing is broken down into three Groups, each responsible for one or more of the previous slide's major mission areas:
690 NSG: Net Ops
26 NOG: Net Defense
67 NWG: Full Spectrum

4 AFNetOps Vision
CSAF's Sep 00 "One Air Force…One Network" NOTAM committed the AF to fundamentally changing the way we leverage our networks.
CSAF's message of 3 Jul 03 established AFNetOps: "To effectively protect Air Force networks and the advantages they provide, network control…need[s] to be applied in a coherent, disciplined fashion under control of a single AF commander."
CSAF's 3 Aug 05 memo on AFNETOPS support to USSTRATCOM laid out a path to provide C2 of the AF network.
CSAF's 15 May 09 directive memorandum established AFNETOPS/CC authority to issue orders for the operation of AF networks.
End-Game: C2 network with focused, precision results

Our origin was the CSAF announcement in 2003. In 2006 ACC jumpstarted AFNETOPS by publishing the functional concept.
Unity of command/unity of effort
Operate as a weapon system with focused, precision results
Improved mission assurance at time and place of our choosing
Clear lines of C2 with global SA
Surge capacity or reallocate resources for critical ops
Improved ability to control security posture
Global connectivity: log on to any AFNet machine anywhere

5 AFNetOps Reality: O&M responsibility matrix
AFCYBER = MAJCOM NOSCs under one commander
AFMC VPN managed by the NCC, except at Kirtland where it's iNOSC-W

6 AFNet Migration (NIPRNET)
One AF-wide Active Directory Forest
SCOPE: 14 networks into one; 840K users across 413 sites
BENEFITS: single sign-on for life, anywhere; reduced system complexity; AF-wide collaboration
STATUS (9 May 11): 138K users across 29 sites (16% of AF); 10 legacy nets shut down

7 Net-Defense: Current TTP
PREVENT
TCNOs up 28% since 2006
ASIM strings: filter suspicious net activity
Strong relationship with vendors: share knowledge
Blue assessment: see what the hacker sees
DETECT
24/7/365 presence
Crews review 10K+ suspicious events per day
Report foreign IP activity to the IC
Correlation analysis: low & slow
Recommend IP blocks to the NOD
Unity of effort with other agencies
RESPOND
Highly skilled computer network/forensics analysts
Focal point for net intrusions
Isolate exploitation method and extent of compromise
Work closely with OSI and counter-intelligence agencies
Sensors: Air Force 232, USJFCOM 2, USCENTCOM 108

Currently AF NetD is limited to protecting at the base boundary only. Given issues with configuration management and systems standardization, this proves to be a very difficult operating environment. Our primary weapon system for defense is the Automated Security Incident Measurement system, or ASIM. This is a Government Off-The-Shelf (GOTS) product used to detect known malicious activity on the network. Its key limitation is that it works in passive mode: it can only alert us on activity as it occurs and does not inherently halt that activity. While these limitations are present, our analysts are of the highest caliber and our system is robust enough to catch most attacks. However, we are limited in our Operational Risk Assessment because the sensor only tells us that data was exfiltrated, so it is difficult for us to know what was actually taken and why. I'll talk about how the Wing is standing up a new mission to bridge this gap. In addition, we have a forensics capability which allows us to deconstruct malware (viruses, malicious code, etc.) in a closed laboratory environment. That information is shared with both private and Government sectors to help defend DoD and commercial networks (through the Partnership For Industry Program). We are working very hard to "operationalize" NetD and export our training methods and requirements to the "Big Air Force", so that in the future we can get trained and qualified net defenders from the AETC pipeline instead of having to train them "in house."

8 Mission Operations Tempo
Incidents: CY 2007: 33; CY 2008: 127; CY 2009: 204; CY 2010: 185 (as of 3 Nov 2010)
Cat VIII Investigations: CY 2007: 496; CY 2008: 812; CY 2009: 906; CY 2010: 874 (as of 3 Nov 2010)
*CAO 20 Apr 11
FOR OFFICIAL USE ONLY

Different theories exist as to why the number of investigations and incidents is steadily rising. Is the adversary more active? Are we in a better position to detect their activity? Is it a combination of the two? The average time from opening a Cat VIII investigation to closure as a Cat I, II or VII incident is 30 days. Not all Cat VIII investigations are later determined to be an incident. For example, if an ASIM analyst determines that data is being exfiltrated to a third-party data storage site, this would generate a Cat VIII investigation. If it was later determined that this activity was authorized between a system administrator and a third-party software support center, it would be closed as a Cat IX, an explained anomaly.
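The "low & slow" correlation on slide 7 and the Cat VIII/Cat IX closure on slide 8 describe one pipeline: a passive sensor sees individual flows, an analyst correlates them into a pattern, opens an investigation, and closes it as an explained anomaly if the transfer turns out to be authorized. The following is an added example, not code from the 67 NWW, from ASIM, or from this briefing; it models that pipeline in Python over constructed flow records. The thresholds, hostnames, IP addresses and authorized-channel list are hypothetical.

```python
"""Added example (not 67 NWW or ASIM code): a toy passive-sensor pipeline.

correlate()  groups outbound flows by (internal host, foreign destination) and
             flags pairs whose many small transfers add up past a byte
             threshold inside a sliding window, even though no single flow
             trips the per-flow alarm ("low & slow" correlation).
triage()     opens a Cat VIII (investigation) record per flag and closes it as
             Cat IX (explained anomaly) only when the pair matches an
             authorized admin-to-vendor support channel; everything else stays
             open for an analyst to escalate or close.

Every threshold, address and flow record here is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    ts: datetime      # flow start time
    src: str          # internal host
    dst: str          # foreign destination IP
    out_bytes: int    # bytes sent outbound


PER_FLOW_ALARM = 50 * 1024 * 1024   # hypothetical: a single 50 MiB upload alerts by itself
LOW_SLOW_TOTAL = 5 * 1024 * 1024    # hypothetical: 5 MiB aggregated inside WINDOW
LOW_SLOW_MIN_FLOWS = 20             # hypothetical: at least this many small flows
WINDOW = timedelta(hours=24)

# constructed: (admin host, vendor support IP) pairs with an approved data path
AUTHORIZED_CHANNELS = {("10.20.30.5", "203.0.113.10")}


def correlate(flows):
    """Return {(src, dst): (flow_count, total_bytes)} for low-and-slow pairs.

    The tuple records the sliding-window state at the moment the pair first
    satisfied both LOW_SLOW_MIN_FLOWS and LOW_SLOW_TOTAL.
    """
    by_pair = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        if f.out_bytes >= PER_FLOW_ALARM:
            continue        # already a per-flow alert; not what we are hunting here
        by_pair[(f.src, f.dst)].append(f)

    flagged = {}
    for pair, fl in by_pair.items():
        start, total = 0, 0
        for end, f in enumerate(fl):
            total += f.out_bytes
            # evict flows older than WINDOW relative to the newest flow
            while f.ts - fl[start].ts > WINDOW:
                total -= fl[start].out_bytes
                start += 1
            count = end - start + 1
            if count >= LOW_SLOW_MIN_FLOWS and total >= LOW_SLOW_TOTAL:
                flagged[pair] = (count, total)
                break
    return flagged


def triage(flagged, authorized=AUTHORIZED_CHANNELS):
    """Turn flags into investigation records; auto-close only authorized ones.

    The sensor knows that bytes left, not what they contained, so the only
    safe automatic closure is an out-of-band authorization match.
    """
    records = []
    for (src, dst), (count, total) in flagged.items():
        rec = {"src": src, "dst": dst, "flows": count, "bytes": total,
               "category": "VIII", "note": "open for analyst review"}
        if (src, dst) in authorized:
            rec["category"] = "IX"
            rec["note"] = "authorized admin-to-vendor support transfer"
        records.append(rec)
    return records


def make_sample_flows():
    """Constructed flows: a beaconing host, an authorized admin channel, a host
    below threshold, a host too spread out in time, and one big upload."""
    base = datetime(2011, 5, 31, 0, 0)
    flows = []
    # 30 x 300 KiB every 40 minutes: classic low & slow
    flows += [Flow(base + timedelta(minutes=40 * i), "10.1.2.3", "198.51.100.7", 300 * 1024)
              for i in range(30)]
    # 25 x 400 KiB every 30 minutes from an admin host to the vendor support site
    flows += [Flow(base + timedelta(minutes=30 * i), "10.20.30.5", "203.0.113.10", 400 * 1024)
              for i in range(25)]
    # 3 x 1 MiB: too few flows to matter
    flows += [Flow(base + timedelta(hours=i), "10.7.7.7", "198.51.100.9", 1024 * 1024)
              for i in range(3)]
    # 25 x 400 KiB every 2 hours: never 20 flows inside one 24 h window
    flows += [Flow(base + timedelta(hours=2 * i), "10.5.5.5", "198.51.100.5", 400 * 1024)
              for i in range(25)]
    # one 100 MiB upload: a per-flow alert, deliberately excluded from correlation
    flows.append(Flow(base, "10.9.9.9", "198.51.100.11", 100 * 1024 * 1024))
    return flows


if __name__ == "__main__":
    for rec in triage(correlate(make_sample_flows())):
        print(rec)
```

Two caveats carry over from the briefing. The records give the example only byte counts, so, exactly as the notes say of the sensor, it can tell you that data left but not what it was; the Cat IX closure rests entirely on the out-of-band authorization list. And keying on (source, destination) is the narrowest choice: an adversary who rotates destinations spreads the same bytes across many pairs, so a production rule would also aggregate per source host alone.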

9 Full Spectrum Ops: Current Units
91 NWS: Telephone Network Ops
315 NWS: Core of AF Ops at Ft Meade; daily joint operations

10 Current/Future Initiatives
Host-Based Security System (HBSS): desktop-level security
Information Operations Platform (IOP): intrusion prevention system
Network defense common operating picture (ArcSight)
EnCase: remote incident response forensics
AF Gateways (aka AF Network Increment 1): network demilitarized zone
Vulnerability Lifecycle Management System (VLMS)
Fidelis for Operations Security (OPSEC): SNS monitoring/insider threat

11 Current/Future Initiatives (cont'd)
Continuity of Operations (COOP)/Alternate Operations Locations (AOL)
ROE-governed TTPs/execution: Stan/Eval
Partnerships for rapid TTP and tool development: ESC, AFCA, Rome Labs, 688 IOW
Active/dynamic defense
Indications and warnings of malicious activity based on actionable, targeted intel

12 67 NWW: Air Force's Execution Arm for Cyber Warfare
NetD
NetE
NetOps
Full Spectrum

As America's only Network Warfare Wing, our core mission is to execute AF network operations, defense, attack and exploitation, creating integrated air, space and cyberspace effects for the AFNetOps and Combatant Commanders. The proud men and women of the 67 Network Warfare Wing are fighting and winning in Cyberspace every day! Subject to your questions, this concludes the briefing.
UNCLASSIFIED

