Cyberspace Defense (CD) Course M01_L02 links ReferenceOnlyObject referenceObj Testing This Reference Object ReadOnlyText pageLocation Page x of y skipTopNavBtn SKIP TO CONTENT SKIP TO CONTENT SkipTopNavButtonClicked skipBtmNavBtn SKIP NAVIGATION SKIP NAVIGATION SkipBtmNavButtonClicked helpBtn Help Help. Select this button to open the help panel. HelpButtonClicked exitBtn Exit Exit. Select this button to exit the course. ExitButtonClicked courseMapBtn Course Map Course map. Select this button to access the course map. CourseMapButtonClicked glossaryBtn Glossary Glossary. Select this button open the glossary. GlossaryButtonClicked resourcesBtn Resources Resources. Select this button to access the resources for the course. ResourcesButtonClicked hideCCBtn Hide Captions Hide Captions. Select this button to hide the caption text. HideCCButtonClicked showCCBtn Show Captions Show Captions. Select this button to show the caption text. ShowCCButtonClicked turnAudioDescriptionsOffBtn Turn Audio Descriptions Off Turn Audio Descriptions Off. Select this button to turn off audio descriptions. AudioDescriptionsOffButtonClicked turnAudioDescriptionsOnBtn Turn Audio Descriptions On Turn Audio Descriptions On. Select this button to turn on audio descriptions. AudioDescriptionsOnButtonClicked skipReverseBtn Skip Backward Skip Backward. Select this button to skip a few frames back. SkipReverseButtonClicked skipForwardBtn Skip Forward Skip Forward. Select this button to skip a few frames ahead. SkipForwardButtonClicked replayBtn Replay Replay. Select this button to replay the current screen. ReplayButtonClicked transcriptBtn Transcript Transcript. Select this button for a transcript of the current page. ShowTextButtonClicked pauseBtn Pause Pause. Select this button to pause the course. PauseButtonClicked resumeBtn Resume Resume. Select this button to resume the course. ResumeButtonClicked previousPgBtn Back Back. Select this button to go to the previous screen. PreviousButtonClicked nextPgBtn Next Next. Select this button to go to the next screen. NextButtonClicked disacndv202_01 1 Welcome to the Cyberspace Defense Overview lesson. When you have completed this lesson, you will be able to identify what the DoD Information Networks, or DoDIN, are, what NetOps is, and the fundamental relationship between the DoDIN and NetOps. You will be able to define cybersecurity and cyberspace defense, and identify the unique role that cyberspace defense has within cybersecurity. There are five topics in this lesson. After you have completed this Introduction, you will learn what the DoDIN are, why it is important to protect them, and what is required to protect them. Next, you will learn about NetOps, which is the construct that is used to operate and defend the DoDIN. Then, you will learn about cybersecurity and cyberspace defense, and how cybersecurity, cyberspace defense, and NetOps are related. disacndv202_02 2 DISN, Defense Information Systems Network (DISN), The DoD consolidated worldwide enterprise-level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. NIPRNET, Nonsecure Internet Protocol Router Network SIPRNET, SECRET Internet Protocol Router Network disacndv202_02_01 2 MORE [no audio] Relatively few DoD information systems operate autonomously without connection to other systems or networks. Each DoD agency, field activity, combatant command, and Service: Army, Navy, Marines, and Air Force, has its own network, which is connected to the Defense Information Systems Network, or DISN. The DISN is the DoD consolidated worldwide enterprise-level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. The non-secure Internet protocol router network, or NIPRNET; the secret Internet protocol router network, or SIPRNET; and the DISN Video Services Global form the backbone of the DISN. The DISN connects to and is a part of the overarching network referred to as the DoD Information Networks, or DoDIN. The DoDIN include any communications and information systems that provide support to DoD. Even the Internet, with the appropriate security protections, is connected to and is part of the DoDIN. The DoDIN are the globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The DoDIN include all owned, leased, standalone, and interconnected communications and computing systems and services; software, including applications; data; security services; and other associated services necessary to achieve information superiority. disacndv202_03 3 CIO, Chief Information Officer AO, An Authorizing Official is a senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. The Authorizing Official is formerly known as Designated Accrediting Authority (DAA). CNSS Instruction No. 4009 IT, Information Technology disacndv202_03_01 3 Operational Security The business of national security is conducted over the DoDIN. If the information on the DoDIN is at risk, our operations and personnel are at risk. If information systems become unavailable and the flow of information is disrupted, our ability to deploy troops, medical supplies, and other necessary logistics may be affected. In addition, because information systems are integral to our work, information system outages waste valuable time and taxpayer dollars. Sensitive and classified information can fall into the wrong hands if the DoDIN are not protected, monitored, and sustained. Almost every week, it seems, we read in the newspapers about a major hacking attack against some portion of the DoDIN, not just against the "dot mil" networks, but also against academic research, defense contractor, industry, acquisition, and information technology service networks upon which the U.S. Military depends. Fortunately, not all cyberspace attacks succeed, but the next time a successful cyberspace attack occurs, it could be from an adversary of the U.S. or from someone willing to give away or sell information to an adversary of the U.S. Ultimately, if information falls into the wrong hands or isn't available when it is needed, missions may be compromised. This can result in the loss of equipment, taxpayer dollars, lives, and, ultimately, loss of mission. disacndv202_03_02 3 Financial Security If the DoDIN are vulnerable, both personal and government financial information is at risk. DoD systems contain personally identifiable information, or PII, that can be exploited. Identity thieves can use this information to obtain driver's licenses, order credit cards, and withdraw money from the victim's bank accounts. Identity thieves can also ruin their victims' credit. Unscrupulous people may exploit government financial information, such as charge codes and bank account numbers. With this information, a thief could make false purchases and then transfer payments into a personal bank account. Keeping personal and government financial information safe helps to prevent identity theft and misappropriation of government funds. disacndv202_03_03 3 Technological Advantage The U.S. is a global leader in the development of new technology. This technology provides an advantage in combat. It can also provide U.S. companies an economic advantage over their domestic and international competitors. Consequently, the data contained in DoD information systems is highly desirable to both military enemies and economic competitors. This makes DoD information systems a potential target for industrial espionage, which may be perpetrated by individuals, rogue organizations, U.S. and foreign companies, or foreign governments. Even some countries that are traditionally U.S. allies have been known to commit acts of industrial espionage against U.S. companies and government representatives. As noted earlier, the U.S. Government has a responsibility to protect not only its own classified and proprietary technological information, but also the information belonging to its commercial and research partners. Industrial espionage can deprive the U.S. military of an advantage over enemies. Industrial spies can also cost U.S. businesses billions of dollars in wasted research and lost sales. The loss of sensitive U.S. Government or DoD information could threaten this nation's secrets and compromise treaty negotiations, military operations, or political advantage. The DoDIN provide the information necessary to support the DoD enterprise information environment, warfighter, intelligence, and business missions. To support these missions, the DoDIN provide information on demand, when and where it is needed. Since sharing sensitive information can also put these missions at risk, the DoDIN must be proactively protected and defended. The Secretary of Defense has stated, "We must change the paradigm in which we talk and think about the network; we must 'fight' rather than 'manage' the network, and operators must see themselves as engaged at all times, ensuring the health and operations of this critical weapons system." Everyone is responsible for protecting the DoDIN: Component Heads, Chief Information Officers, or CIOs, Authorizing Officials, or AOs, System Owners, cybersecurity and information technology professionals, and, especially, users. When the DoDIN are not secure, our missions, property, and most importantly, our personnel are at risk. Any vulnerability in the DoDIN also jeopardizes our financial security and technological advantage. Select each risk area to learn more about the potential effects if the DoDIN are compromised. disacndv202_04 4 IT, Information Technology JIE, Joint Information Environment disacndv202_04_01 4 More Information about the JIE DoDIN, DoD Information Networks JIE, Joint Information Environment UCP, Unified Command Plan TTPs, Tactics, Techniques, and Procedures CIO, Chief Information Officer [no audio] Historically, defense of the DoDIN from unauthorized intrusion and hostile attack has been accomplished through separate, subordinate, diverse architectures using a complex of different security technologies, applications, and defensive response procedures. These diverse architectures were highly compartmentalized, presenting networks with poorly delineated, sometimes overlapping boundaries and extensive attack surfaces. In October of 2010, recognizing that the DoDIN required an integrated cyberspace defense, the Secretary of Defense decided to bring together the disparate DoD Component networks through use of a single security architecture, known as the Joint Information Environment, or JIE. The JIE, as approved by the Joint Chiefs of Staff in 2012, is defined as a secure, joint information environment comprised of shared information technology, or IT, infrastructure, enterprise services, and a single security architecture for use by Joint forces, DoD and mission partners. This single security architecture is intended to collapse network security boundaries, reduce external attack surfaces, provide a defensible architecture, and ensure rapid and safe data sharing. The goal of the JIE is to achieve full-spectrum superiority, improve mission effectiveness, increase security and realize IT efficiencies among the Joint forces. Select More Information about the JIE to learn more. disacndv202_05 5 Knowledge Check 1 500 425 Select all that apply; then select Submit. Which are components of the DoDIN? A Navy network A DoD contractor's desktop computer in a classified facility processing DoD information Defense Information Systems Agency Network The NIPRNET The SIPRNET A DoD contractor system that is connected to a Marine Corps system Correct. All items from the list are part of the DoDIN. The DoDIN also includes networks and systems that apply to DoD IT consisting of information systems (ISs), platform IT (PIT), products, and IT services connected to DoDIN or separately. Incorrect. All items from the list are part of the DoDIN. The DoDIN also includes networks and systems that apply to DoD IT consisting of information systems (ISs), platform IT (PIT), products, and IT services connected to DoDIN or separately. Now check your understanding of the DoDIN. disacndv202_06 6 DoDIN, Department of Defense Information Networks disacndv202_06_01 6 Essential Tasks DoDIN, Department of Defense Information Networks IDM/CS, Information Dissemination Management/Content Staging Three essential and interdependent tasks are necessary to operate the DoDIN: DoDIN Enterprise Management, DoDIN Network Defense, and information dissemination management/content staging, or IDM/CS. DoDIN Enterprise Management is the technology, processes, and policy necessary to operate the DoDIN. DoDIN Network Defense consists of the activities that protect information and information systems while denying adversaries access to that information and information systems. Information dissemination management/content staging entails the technology, processes, and policy necessary to provide awareness of relevant, accurate information; automated access to newly discovered or recurring information; and timely, efficient, and assured delivery of information in a usable format. disacndv202_06_02 Command and Control Operating Principles 6 Net-centric, Sharing data seamlessly and in a timely manner among information system users, applications, and platforms DoDIN, Department of Defense Information Networks Using information technology and information sharing to achieve information superiority in warfighting and business operations is called net-centric operations and warfare, or NCOW. NCOW has vastly improved the speed and agility of our military forces and business processes. For the DoD to engage in NCOW, NetOps must provide a command and control framework and processes that enable seamless and timely information sharing among information system users, applications, and platforms. The DoD's goal of NCOW also requires a collaborative group of organizations to be responsible for operating and defending the DoDIN. This group is called the NetOps community of interest, or COI. The key to the successful operation and security of the DoDIN is the collaborative tactics, techniques, and procedures that will enable centralized control and decentralized execution of NetOps. disacndv202_06_03 6 Command and Control Framework and Relationships The Commander, US Strategic Command, or USSTRATCOM, has the ultimate authority and responsibility for NetOps. As directed by USSTRATCOM, the NetOps community of interest that operates and defends the DoDIN consists of both DoD and non-DoD organizations. All of these entities in the COI must interact to accomplish NetOps. USSTRATCOM has delegated operational control of NetOps to the US Cyber Command, or USCYBERCOM. disacndv202_06_04 6 Collaborative Command and Control Process Networking, Bullet Connects decision-makers across echelons and functions Bullet Is enabled by a communications and data infrastructure Sub-Bullet Employs a robust set of standards Sub-Bullet Facilitates the exchange of information and interaction Interacting, Bullet Is the social part of networking, the heart of collaboration, and is facilitated by cohesive teams Bullet Uses collaborative information tools Bullet Exchanges information across a network that spans echelons and functions Bullet Supports the development of trust and the art of command Sharing Information, Bullet Makes information available and accessible to commanders Bullet Assures that all commanders are operating from the same baseline of information Bullet Improves the quality of awareness and understanding Sharing Awareness, Bullet Is sharing an initial understanding of the operational environment Sub-Bullet Current status of the DoDIN Sub-Bullet Current operational impact assessment Bullet Improves commanders' understanding with shared baseline of information Sharing Understanding, Bullet Is a deeper understanding of the DoDIN framed by the experience and intuition of commanders across echelons and functions Bullet Allows subordinate decision-makers to understand how higher echelons view the overall situation Bullet Allows the subordinates to make better decisions and to better coordinate actions with others Bullet Allows subordinate commanders to undertake initiative in line with the higher echelons' view of the situation Bullet Allows NetOps command and control to be: Sub-Bullet More decentralized Sub-Bullet More responsive to small but important changes in the operational environment Bullet Improves the overall speed and quality of decisions Deciding, Bullet Means decisions are made in a collaborative environment by multiple decision-makers working together Bullet Does not mean decision by committee Bullet Does not require a consensus Bullet Gives commanders an understanding of the decisions being made by others in pursuit of the mission goals Bullet Allows commanders to use forces effectively Synchronizing, Bullet Arranges NetOps actions in time, space, and purpose to produce maximum DoDIN effectiveness Bullet Brings the actions of the NetOps COI as a whole in line with the commander's intent to accomplish the NetOps objectives Bullet Allows the commander to coordinate his or her timing and actions to make maximum use of the limited resources available Bullet Helps commanders build and maintain unity of effort across operations that have a diverse set of actors with a range of capabilities In the context of NetOps command and control, decisions and actions are coordinated through collaboration across multiple entities in the COI, as well as through traditional, vertical command and control within each organization. The NetOps collaborative command and control process allows commanders to share their observations, understanding, decisions, and actions with other commanders. Collaboration allows commanders to achieve a better DoDIN situational awareness. It also allows a deeper understanding of the DoDIN environment and how individual commanders' decisions will affect that environment. In addition, collaboration enables commanders to coordinate limited resources with others to achieve mission success. Roll over each term in the collaborative NetOps command and control process to learn how it is defined in this context. To proactively protect and defend the DoDIN, security must be integrated into the way the DoDIN are operated and managed. NetOps is the operational construct that DoD uses to both operate and defend the DoDIN. The goal of NetOps is to provide assured and timely net-centric services across strategic, operational and tactical boundaries in support of DoD's full spectrum of war fighting, intelligence and business missions. NetOps enables warfighters to make the best decisions possible. This warfighter support can only be achieved through NetOps service assurance goals which include systems and networks that are available when needed, information that is accurate, adequately protected, and free from corruption, and information that is delivered upon request. There are four key attributes of NetOps: essential tasks, command and control operating principles, command and control framework and relationships, and a collaborative command and control process. Select each key NetOps attribute to learn what it entails. disacndv202_07 7 UDOP, User Developed Operational Picture An important function of NetOps is to ensure that the DoDIN operates as a sensor grid that provides vital information on military and business operations and on the health and security of the DoD network. The NetOps sensor grid allows vital information from across the DoDIN to flow up and down the chain of command and across the NetOps COI. The sensor grid enables commanders to create a user-developed operational picture, or UDOP. The UDOP is like a dashboard. It shows what is occurring in the operational environment at any given time to facilitate decision-making in DoD warfighter and business missions. The sensor grid also creates a picture of the health and security of the DoDIN with a coordinated group of decentralized intrusion detection systems, or IDSs, as well as intrusion protection systems, or IPSs. IDSs detect anomalies in the DoD information systems and networks. IPSs provide anomaly detection and prevention. Anomalies can indicate a cyber attack or a problem with the network. disacndv202_08 8 Knowledge Check 1 500 425 Select the best response; then select Submit. NOT an accurate description of NetOps?]]> There are three essential tasks that are part of NetOps: DoDIN Enterprise Management, DoDIN Network Defense, and information dissemination management/content staging. NetOps uses a collaborative command and control process. NetOps provides the specific cyberspace technology that must be used on information systems connected to the DoDIN. NetOps is the operational construct that operates and protects the DoDIN. Correct. NetOps does not provide the specific cyberspace technology that must be used on information systems connected to the DoDIN. NetOps is the operational construct to operate and defend the DoDIN. The key attributes of NetOps include three essential tasks, command and control operating principles, a command and control framework, and a collaborative command and control process. Incorrect. NetOps does not provide the specific cyberspace technology that must be used on information systems connected to the DoDIN. NetOps is the operational construct to operate and defend the DoDIN. The key attributes of NetOps include three essential tasks, command and control operating principles, a command and control framework, and a collaborative command and control process. Now check your understanding of NetOps. disacndv202_09 9 Cybersecurity, Cybersecurity is the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wireless communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. National Security Presidential Directive-54/Homeland Security Presidential Directive-23, "Cybersecurity Policy," January 8, 2008 Availability, CNSS Instruction No. 4009: The property of being accessible and useable upon demand by an authorized entity. NIST SP 800-53: Ensuring timely and reliable access to and use of information. Integrity, CNSS Instruction No. 4009: The property whereby an entity has not been modified in an unauthorized manner. NIST SP 800-53: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. Authentication, CNSS Instruction No. 4009: The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data. NIST SP 800-53: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. Confidentiality, CNSS Instruction No. 4009: The property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information. NIST SP 800.53: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Nonrepudiation, CNSS Instruction No. 4009: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data NIST SP 800-53: Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. Because protecting the DoDIN is both important and challenging, active measures are necessary. The successful implementation of these measures is the goal of cybersecurity. Cybersecurity is defined as the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wireless communication, and electronic communication, including information contained therein to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. Availability means that information is accessible when it is needed. Integrity protects information from being modified or destroyed. Authentication establishes the validity of a transmission, message, or the sender, and also verifies an individual's authorization to receive specific categories of information. Confidentiality safeguards information from individuals without the proper clearance, access level, and need to know. Nonrepudiation provides assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so later neither can deny having processed the data. All authorized DoD users are responsible for contributing to the security of all DoD information systems. It is essential that DoD users abide by the principles ofcybersecurity in their daily work routine to protect themselves and the DoD information systems to which they have access. disacndv202_10 10 Unauthorized activity, May include the disruption, denial of service, degradation, destruction, or exploitation of computer networks, information systems, or theft of the information they contain Cyberspace defense focuses on actions that are taken to protect, monitor, analyze, detect and respond to unauthorized activity in DoD information systems and networks. Unauthorized activity may include service problems for computer networks and information systems such as disruption, denial of service, degradation, destruction, or exploitation, including theft of the information the networks or systems may contain. If both cybersecurity and cyberspace defense protect and defend information and information systems, how are they different? Cybersecurity includes policies, standards, technologies, and practices that apply across the IT life cycle. Cyberspace defense is a subset of cybersecurity that refers to the specific cybersecurity actions taken to protect and defend DoD operational information systems and networks from attack, to mitigate the effects on DoD information systems and networks if attacks do occur, and to recover from these attacks by restoring full system and network operations. disacndv202_11 11 Knowledge Check 1 500 425 For each statement, select whether it is true or false; then select Submit. Cybersecurity and cyberspace defense are both activities that protect and defend DoD information systems. True False Correct. This is true. Cybersecurity and cyberspace defense are both activities that protect and defend DoD information systems. Cybersecurity protects information across the system life cycle, and cyberspace defense focuses on activities that protect operational systems. Incorrect. This is true. Cybersecurity and cyberspace defense are both activities that protect and defend DoD information systems. Cybersecurity protects information across the system life cycle, and cyberspace defense focuses on activities that protect operational systems. Cyberspace defense refers to activities that protect operational information systems and networks. True False Correct. This is true. Cyberspace defense activities apply to systems that are in operation. Cybersecurity applies to the entire system life cycle. Incorrect. This is true. Cyberspace defense activities apply to systems that are in operation. Cybersecurity applies to the entire system life cycle. Cybersecurity can be considered a sub-set of cyberspace defense activities. True False Correct. This is false. Cybersecurity is not a sub-set of cyberspace defense. Cyberspace defense is a sub-set of cybersecurity. Incorrect. This is false. Cybersecurity is not a sub-set of cyberspace defense. Cyberspace defense is a sub-set of cybersecurity. Cybersecurity includes policies, standards, technologies, and practices across the system life cycle. True False Correct. This is true. Cybersecurity includes policies, standards, technologies, and practices across the system life cycle. Incorrect. This is true. Cybersecurity includes policies, standards, technologies, and practices across the system life cycle. Now check your knowledge. disacndv202_12 12 A wide spectrum of cyberspace defense activities is necessary to protect and defend the DoDIN. To accomplish these cyberspace defense activities, DoD has designated specific services. These cybersecurity services are intended to protect the network from adverse events, detect adverse events that do occur, respond to those adverse events, and then sustain all of the protect, detect, and response services throughout their lifecycles. You will learn about each of these services in more detail later in this course. disacndv202_13 13 DoDIN, Department of Defense Information Networks IDM/CS, Information Dissemination Management/Content Staging Cyberspace defense is a major component of DoDIN Network Defense, which is one of the three essential tasks of NetOps. Without adequate computer network defense to protect and defend the DoDIN, the DoDIN would not be secure, and decision-makers might not have vital information when they need it. In today's environment, inadequate DoDIN protection and defense could mean severe damage to DoD networks and information systems, accompanied by loss of life, not only to our servicemen and women, but also to civilians. Cyberspace defense is fundamental to DoD's strategy of net-centric operations and warfare, which helps to ensure DoD mission success, including national security. disacndv202_14 14 Knowledge Check 1 500 425 Select True or False for each statement; then select Submit. Cyberspace defense is part of the DoDIN Network Defense component of NetOps. True False Correct. Cyberspace defense is part of the DoDIN Network Defense component of NetOps. Incorrect. Cyberspace defense is part of the DoDIN Network Defense component of NetOps. The four principal cybersecurity services are protection; monitoring, analysis, and detection; response; and sustainment. True False Correct. The four principal cybersecurity services are protection; monitoring, analysis, and detection; response; and sustainment. Incorrect. The four principal cybersecurity services are protection; monitoring, analysis, and detection; response; and sustainment. Cybersecurity protection services include responding to security incidents. True False Correct. Responding to security incidents is a cybersecurity response service, not a protection service. Incorrect. Responding to security incidents is a cybersecurity response service, not a protection service. Both cyberspace defense and NetOps defend the DoDIN against attacks. True False Correct. Both cyberspace defense and NetOps defend the DoDIN against attacks. Incorrect. Both cyberspace defense and NetOps defend the DoDIN against attacks. Now try this. disacndv202_15 15 Congratulations! You have completed the Cyberspace Defense Overview lesson. You should now be able to identify what the DoDIN are, what NetOps is, and the fundamental relationship between the DoDIN and NetOps. You should be define cybersecurity and cyberspace defense and identify the unique role that cyberspace defense has within cybersecurity.