Fleet Cyber Readiness: Cyber Operational Response Procedures
By Dr. Lawrence Totimeh and Retired Navy Cmdr. Arnold (Arnie) Barthel III - October-December 2020
The most prevalent challenge the U.S. Navy must consider in the cyber war is the ability to identify capabilities and limitations of the current fleet in defense of cyber-attacks. This article discusses proposed measures that the Navy could explore and implement to reduce risks to the fleet. A Typical Operational Scenario The USS Ronald Reagan (CVN 76) crew manned battle stations as the Carrier Strike Group (CSG) prepares to assert Freedom of Navigation in a contested area. The overhead lights in the Combat Direction Center (CDC) are rigged for blue giving the space a calm and subdued appearance. The space is relatively quiet considering that every console in the Ship Self Defense System (SSDS) is manned and each console operator works steadily as they maneuver through the system mode functions to summon the right tactical information to do their job. However, at closer inspection, it is evident that every member of the combat team is communicating via headsets and each operator is an integral component of a highly coordinated warfighting effort. Radio communication channels in one ear, internal communication networks in the other and in front of them, a detailed digital graphic representation of a dynamic real-time battlespace and an ocean of information at their fingertips; the product of an array of advanced sensors, information systems (IS) and information technology systems we call integrated warfare systems. The human machine interface (HMI) at work. At the top of the warfighter hierarchy in this scenario, the Tactical Action Officer (TAO) orchestrates the use of every warfighting resource available to the combat team. Tactical air controllers relay tasking and flight vectors to air commanders, another air controller passes surveillance sectors to reconnaissance aircraft, and the Anti-Submarine Tactical Air Controller (ASTAC) directs sonobuoy drop points to MH 60R helicopters. Next to the TAO station, the Tactical Interface Controller (TIC) monitors and manages Link policy and parameters to ensure the Strike Group tactical picture is coherent across all participating nodes. In Tracker Alley, air and surface trackers deconflict track attributes as sensor operators manage radar parameters and weapon system controllers assure weapons posture readiness. The critical kill chain is optimized and the collective work of systems and operators give the TAO a cohesive and unambiguous tactical picture⦠or does it?
The Challenge
The question is not rhetorical. Enterprise-sponsored cybersecurity assessments conducted by Commander Operational Test & Evaluation Forces (COTF), with Navy Red Team support, explore the realm of cyber vulnerability and risk possibilities.
The unvarnished reports certainly raise awareness, but more importantly, these reports help the technical and operational communities pinpoint vulnerable attack vectors and identify risk mitigation options that may include technical solutions, operational policy, and tactics, techniques and procedures (TTP) â all working to reduce attack surfaces and enhance mission resiliency.
Enhancing Mission Assurance in Real Time â An Integrated Dynamic Solution
A solution at work is a triad effort that includes: (1) Global Department of Defense policy that provides uniformity of effort across all DoD components; (2) An integrated Cross-SYSCOM System of Systems (SoS) collaborative engineering effort chartered to develop Navy platform and mission-specific technical procedures designed to protect mission critical functions; and (3) Navy-specific policy that translates global operational cybersecurity objectives to a uniform set of actions and the command and control (C2) structure to effect and manage compliance.
The Cyberspace Protection Conditions (CPCON) process is designed to determine, establish, and communicate protection measures to ensure unity of effort across the DoD. CPCON is a dynamic and systematic approach to escalation and de-escalation of cyber protection postures. CPCON Posture 5 represents normal/low cyber-risk operational environments. CPCON Posture 1 represents very high cyber-risk operational environments. For each CPCON Posture there is a set of measures; cybersecurity and cyberspace defense actions that enable mission assurance.
Global CPCON postures are determined in a centralized process supported by national sensors and information sources. The CPCON Change Process is directed by U.S. Cyber Command and administered by Joint Force Headquarters-DoD Information Networks (JFHQ-DoDIN).
USCYBERCOM also acknowledges the need for decentralized execution to enable regional organizations and local commanders of bases, stations and ships to autonomously set higher CPCON Postures as required to support mission assurance based on regional or local cyber environments and to ensure that specialized regional and locally connected IS and IT systems support CPCON objectives.
To address technical challenge, the second component of the triad effort is a U. S. Navy Cross-SYSCOM Engineering initiative that addresses system complexities while developing procedures that translate CPCON system isolation measures into well-informed, well-engineered, well-vetted and executable sets of platform-specific technical procedures.
To accomplish the task, Naval Sea Systems Command (NAVSEA), Naval Information Warfare Systems Command (NAVWAR), Naval Air Systems Command (NAVAIR), Naval Supply Systems Command (NAVSUP) and Naval Facilities Engineering Command (NAVFAC), with OPNAV N2N6G sponsorship and support from the Naval Warfare Development Center (NWIDC), are leveraging operational technical expertise.
Fleet experimentation (FLEX) provides live and synthetic warfare operational events and includes Trident Warrior (TW) in the Commander, U.S. 3rd Fleet area of operation and large scale events (LSEs) in the Commander, U.S. 2nd Fleet AOR. TW and Naval Information Warfighting Development Center (NIWDC) staffs provide fleet interface and support asset scheduling and coordination. Other supporting stakeholders include U. S. Fleet Forces Command (USFFC) Deputy Chief Information Officer (CIO); U.S. Fleet Cyber/U. S. 10th Fleet, Navy Red Team, Naval Information Warfighting Development Center (NIWDC) and Naval Cyber Defense Operations Command (NCDOC).
In 2018, the Cross-SYSCOM Engineering Team completed live underway Cyber Operational Response (COR Procedure validation for anti-submarine warfare mission systems, logistic support systems and naval facilities control systems. The afloat component of these coordinated events were conducted aboard USS Carl Vinson (CVN 70) and USS Lake Champlain (CG 57) with operational and mission coordination support by Carrier Strike Group One (CSG 1), Commander Destroyer Squadron One (CDS 1) and the Blue Hawk Maritime Helicopter Strike Squadron (HSM 78).
In 2019, COR Procedure validation events were conducted aboard USS Theodore Roosevelt (CVN 71) and USS Pinkney (DDG 91) with operational support by CSG 15, CDS 23 and Wolfpack HSM 75.
In 2018 and 2019, Tactical Training Group Pacific (TTGP) conducted ballistic missile defense mission validation aboard USS Rafael Peralta (DDG 115) with mission planning and execution support.
These events were coordinated and supported with 3rd Fleet (C3F) Maritime Operations Center (MOC) and Naval Computer and Telecommunications Area Master Station Pacific.
These efforts are leading to COR procedure development for the warfare systems baselines represented. The collection of validated COR Procedures are incorporated into the Cyber Tech Aid (CTA); a ready guide designed to support compliance with CPCON mandated measures. To facilitate fleet introduction, CTAs are designed according to a familiar fleet tool already in use -- the Tactical Interface Controller (TIC) Technical Aid. Joint Interface Control Officers (JICOs) and platform TICs across the fleet use this tool to establish and manage complex Tactical Data Links.
The second, equally important, product is a companion decision support tool, the CYBER CAPS & LIMS (CC&L). This product informs the warfighter of the operational impacts associated with the implementation of each COR Procedure and mandated cyber control measure. The CC&L is formatted after the INTEROPERABILITY CAPS & LIMS tool; also a longstanding and familiar fleet support tool.
For 2020, the Cross-SYSCOM Engineering Team initiated the planning process to validate procedures associated with surface warfare, the surface launch missile (SLM) component of coordinated strike missions, logistic support systems and shore facility control systems.
Operational validation for these mission sets was originally tied to the biannual Rim of the Pacific (RIMPAC) multinational naval exercise via the Trident Warrior. However, due to the global pandemic plans were modified. Execution planning to complete COR Procedure validation in 2020 remains active. Venue coordination support and fleet participation are being carried out by Trident Warrior staff with SYSCOM COR Team support.
The third critical component of the triad is the U. S. Fleet Cyber Command/U. S. 10th Fleet CPCON Mandated Measures Command and Control plan. The initial operational test of the FLTCYBERCOM implementation plan was scheduled for execution during the East Coast LSE in May 2020, but was suspended due to COVID-19 travel limitations.
As the Trident Warrior 2020 rescheduling solidifies, the Cross-SYSCOM Engineering Team, with USFFC and NIWDC support, intends to engage FLTCYBERCOM and evaluate the feasibility of integrating the CPCON C2 Plan into COR Procedure validation events.
Cyber Hardened Strike Group (CHSG); precursor to the COR Procedure Process.
The CHSG Engineering Model was developed by NAVSEA 03Q with support organizations. As directed by OPNAVINST 5239.4, NAVSEA 03Q1 assembled and directed a team of cyber-skilled professionals to develop the methodology to enable risk containment and to increase combat system mission resiliency. Prior to CPCON Guidance, in the event of combat system degradation due to cyber risks, CHSG supported the rapid responses needed to mitigate the cyber-risk-to-mission to successfully carry out the mission at the Strike Group, platform, and system level.
Under CHSG, development of control point disconnect procedures was quickly identified as a critical requirement; a key product in the set of tools, processes, and procedures necessary to effectively protect the mission when operating in cyber-contested environments.
Conclusion
COR Procedure validations to date indicate that the triad effort composed of the CPCON process, the COR Technical approach and the Navy C2 Convention is a practical, uniform and effective approach to mitigate cyber vulnerabilities, reduce risk and optimize mission assurance. Plans to present the merits of this effort to fleet leadership are in progress.
While the CPCON directed process became effective in April 2019, The Cross-SYSCOM Engineering initiative was already providing an effective response to the Deputy Chief of Naval Operations for Information Warfare (OPNAV N2N6) question: âWhat can we do today to mitigate exposure of our mission critical platforms and systems to cyber vulnerabilities that can only be eliminated by long term acquisition/engineering solutions?â
The USCYBERCOM CPCON Instruction mandated compliance is a requirement now. With the right level of sponsorship, the Cross-SYSCOM Team has a proven process, tools and the methodology to deliver to the fleet the necessary resilient support tools to enable the warfighter to optimize mission readiness and meet the CPCON Operational Requirement.
The views expressed here are solely those of the author, and do not necessarily reflect those of the Department of the Navy, Department of Defense or the United States Government.
Dr. Lawrence Totimeh is the Cybersecurity Safety Program Director for Naval Sea Systems Command. Dr. Totimeh has a Bachelor of Science degree in electrical engineering technology from New Jersey Institute of Technology, Master of Science degree in Engineering Management from George Washington University, and a doctoral degree in Organizational Leadership and Information Systems Management from the University of Phoenix. He has a Certificate of Professional Development from Wharton, University of Pennsylvania, and was selected to Whartonâs Circle of High Achievers in 2009.
Retired Navy Cmdr. Arnold (Arnie) Barthel III began his 30-year Navy career as a technician and sonar operator in the Submarine Force followed by his commission as an Unrestricted Line Surface Warfare Officer leading to his extensive tactical operational experience in the employment of the AEGIS Warfare System (AWS) and the Ship Self Defense System (SSDS). His formal education includes a Masterâs in Computer Science with emphasis in Cybersecurity from DeVry University/Keller School of Management in 2017 and a Masterâs in Business Administration (MBA) with emphasis in Information Systems Management from the National University, 1986.
TAGS: Cybersecurity, Governance, IA, InfoSharing, Infrastructure, NNE, Spectrum, Telecommunications, Wireless