One of the most significant challenges that USCYBERCOM faces is how execute operations to defend the Department of Defense Information Networks (DoDIN) against an array of sophisticated cyber threats. At the center of this challenge is how to synchronize organizations and forces, which each deliver a diverse set of capabilities and varying levels of experience, expertise and capacity, both within the Department of Defense (DoD) and with other government and national entities.
Tackling this challenge required an innovative approach by the USCYBERCOM team, consisting of Capt. Peter Giangrasso and Lt. Cmdr. Brian Evans, which began by focusing on the optimal future state of cyberspace defense and then developing an iterative long-term approach for achieving this end state. The approach was specifically developed to facilitate more proactive operations, enhance unity of effort and achieve economy of force across in order to counter the most challenging cyber threats to national security.
The establishment of the Proactive – Defensive Cyberspace Operations (P-DCO) Board was the initial step in the implementation of the approach pioneered by the USCYBERCOM team. The P-DCO board brought multiple organizations together to align resources and generate focused and prioritized proactive cyber protection team (CPT) operations to secure networks and strengthen DoDIN defenses. It was a significant improvement in the collaboration between organizations and the optimization of low-density high-demand resources for the identification of cyber threats and the execution of defensive actions to protect mission critical DoD systems.
Through a primarily intelligence and threat based construct, the P-DCO Board actively engaged the "total force," including cyber forces assigned to services and combatant commanders. The use of the "total force" construct resulted in an over 100 percent increase in deployment of Cyber National Mission Force (CNMF) CPTs to secure and defend the DoDIN from malicious activity by a broad range of sophisticated adversaries. In addition to improving the prioritization of CNMF CPTs, the operations authorized by the P-DCO board enhanced the skills of CPTs across the department, as well as their readiness to respond to real-world contingencies.
While the P-DCO construct was beginning to focus cyberspace defense operations, the USCYBERCOM team identified that lack of enterprise-wide guidance across a number of critical areas of cyberspace defense. As a result, the next milestone in the team’s iterative approach was the development of USCYBERCOM’s “Operational Guidance 3-2: Defensive Cyberspace Operations” and “Operational Guidance for Sensing”. “Operational Guidance 3-2: Defensive Cyberspace Operations” provides the enduring construct for the planning and execution of Defensive Cyberspace Operations (DCO), while the “Operational Guidance for Sensing” establishes sensing capability laydown in support of enhanced situational awareness necessary to execute an effective defense of the DoDIN.
These foundational documents provide coherency for the force to synchronize efforts across the enterprise by establishing detailed standards for defensive cyber operations and enabling focused collaboration efforts across all services and DoD agencies. They also identified critical gaps in DoD cyber defensive capabilities. Both documents were signed by the USCYBERCOM Commander, Admiral Rogers, and are enduring reference for collaboration and constructive cyber operational planning across DoD.
The final aspect of the USCYBERCOM team’s iterative approach was initiation of Operation GLADIATOR HUNTER, designed to synchronize all the previous efforts and lay the foundation for strategic prioritization of DCO missions across the DoD. Lt. Cmdr. Evans leads a team of special analysts and planners comprised of military officers and enlisted, government civilians and contractors who are themselves conducting innovation operational and intelligence analysis to identify and prioritize critical strategic-level DCO missions.
Capt. Giangrasso and Lt. Cmdr. Evans, through the orders process, then action these missions to provide Joint Force Headquarters – DoDIN (JFHQ-DoDIN), CNMF, combatant commanders, the services, national agencies and field activities the strategic guidance, forces, capabilities and resources to execute synchronized operations to effectively counter the most advanced and complex cyber threats. The strategic approach resident within Operation GLADIATOR HUNTER allocates low-density high-demand forces in a highly efficient manner to achieve maximum impact and effectiveness in realizing defensive effects against adversaries in cyberspace.
The combined efforts of Capt. Giangrasso and Lt. Cmdr. Evans continue to bring original concepts and inventive ways of achieving defensive effects in cyberspace, overcome institutional inertia and enable proactive measures to counter adversaries' rapidly changing cyber tactics, techniques, and procedures. Their out-of-the-box efforts broke existing paradigms for conducting defensive cyber operations. They transformed the focus of DoD cyber forces from a primarily reactive force to a force that protectively operates with speed, precision, and agility to defend the DoDIN against the most challenging and sophisticated cyber threats.
Join DON Innovation on https://www.facebook.com/NavalInnovation or https://twitter.com/NavalInnovation, or visit the DON Innovation website at http://www.secnav.navy.mil/innovation/Pages/Home.aspx. Email DON Innovation: DON_Innovation@navy.mil