fleet design for cyber defense 11 aug 2017 fleet design for cyber defense 11 aug 2017

Second, neither consistency in organizational collaboration, separation, nor centralization will automatically translate into efficient operational cyber capabilities to be deployed in intelligence contest, strategic competition, or military confrontation. The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces. This creates risks that operational capability and activity may be mismatched with broader strategic or governance goals, that the military and intelligence entities operate with different purposes and goals, that political decision-making is hampered, and that democratic oversight is hindered. This Arctic Strategic Outlook describes the United States Navy's strategic approach to protect U.S. national interests and promote stability in the Arctic. stream It has been replaced by the competition-dispute-confrontation triptych (Burkhard Citation2021, 8). /Type /Page This underlines the importance of intelligence. Note: According to Section 1.4 Transition Plan of the new instruction, the old DoDI 5000.02 dated Jan 7, 2015 (Change 3 dated 10 Aug 2017) has been renumbered to DoDI 5000.02T. The President made clear that his first priority is to protect the United States, allies, and partners. In recent years, the DGSE has become more open about its work, but it remains a very secretive service (Chopin Citation2017: 546). The operational capability of the DCC is, however, hampered by its limited mandate that restricts the DCCs possibility to gather intelligence and conduct reconnaissance when not in war. /Type /Pages 10th Fleet, met with Naval Postgraduate School (NPS) leadership, faculty and students the week of May 11 to discuss evolving graduate education designed to prepare tomorrow's cyber leaders. /Length 491 >> The United States is an Arctic nation1 through the state of Alaska and its surrounding territorial and Exclusive Economic Zone waters located in and around the Arctic Circle. The Norwegian Ministry of Defense (Forsvarsdepartementet Citation2019a, 19) describes it in the following way: The responsibility for network intelligence operations and offensive cyberoperations are with the Intelligence Service. Characteristics that are not meant to be fully comparable or generalizable, but rather to be discussed, explored, and questioned in future empirically driven research on the development and deployment of cyber capabilities in Europe. 3099067 The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces. /Producer (Mac OS X 10.10.5 Quartz PDFContext) Euro-Atlantic Disaster Response Coordination Centre (EADRCC), NATO Public Diplomacy Divisions Co-Sponsorship Grants. Experts review the Department of the Navy's cybersecurity posture. However, the documents do neither elaborate on the organizational collaboration between the Cyber Command and the intelligence services nor how cyber operations are meant to complement to each other at the strategic, tactical, or operational levels. In military operations the Intelligence Service coordinates the activity with the Armed Forces operational headquarters (FOH). 7 The Joint Sigint and Cyber Unit (JSCU). xEAj0o@(e4%PJuUcc[6uKosX8groQWdP %0jIR~6y:YdGY mH(6cZb||aXOUc\wq H-r)G.K=[> /ColorSpace 53 0 R 120 0 obj <>/Filter/FlateDecode/ID[<75AFDF8CADBBE44E84785B8E85770F12><3A9CD3B0E9691541AA347CD2735C4F5E>]/Index[98 41]/Info 97 0 R/Length 108/Prev 121857/Root 99 0 R/Size 139/Type/XRef/W[1 3 1]>>stream Chief of Naval Operations Adm. John Richardson released 'A Design for Maintaining Maritime Superiority, Version 2.0,' Dec. 17, 2018. The 2017 Navy Program Guide describes the platforms, payloads, systems and technologies already fielded, and those being developed. Finland sees many opportunities of enhanced cooperation for example in conducting training and exercises in the cyber domain, said Mr. Jukka Juusti, Permanent Secretary of the Ministry of Defence of Finland. Arguably, the strict French division between defensive and offensive measures is being challenged by increased coordination and collaboration across defense, intelligence, and military institutions. While the principle of separation is strong on paper, the French organization of cyber capabilities is more complex. The exploratory nature of the study ensures an empirical sensitivity in line with understanding cybersecurity as a situated and contextual object of study, rather than being predetermined by the existing theories and categories (Liebetrau and Christensen Citation2021). NATO and its Allies rely on strong and resilient cyber defences to fulfil the Alliances core tasks of collective defence, crisis management and cooperative security. /MediaBox [0.0 0.0 612.0 792.0] 18 . Cybersecurity scholarship has also investigated the organization of both military cyber entities (Pernik Citation2020, Smeets Citation2019) and offensive cyber capabilities (Smeets 2018). 111th Congress (2009-2010), Senate Bill 3480 (S.3480). endobj The Netherlands presented a military cyber doctrine in 2019. (Posted Oct. 27, 2021 by Naval Aviation Enterprise Public Affairs). %PDF-1.7 % /Length 260 The mission of the DCC is to carry out offensive cyber operations in the context of armed conflict and war and act as a potential deterrent measure in time of peace (Ministry of Defense Citation2015, Citation2018). After two tragic, fatal collisions and other near misses at sea, the Readiness Reform and Oversight Council's (RROC) mandate was clear: make our Navy a safer and more combat-effective force that places the safety, readiness and training of our people first. /Resources 10 0 R 9 0 obj The signing of this arrangement is the latest example of long-standing cooperation on cyber defence between NATO and Finland. Consequently, the paper neither provides an exhaustive conceptualization of the organization of cyber capabilities, nor a set of fully fledged policy prescriptions of the requirements for intelligence services or military cyber commands to conduct specific cyber operations. The Navy must find innovative ways to defend and protect its assets against cyber attacks, a top service official said. The COMCYBER rely on the Information Management Division of the Directorate General of ArmamentFootnote11 (DGA-MI) for the development and design of cyber capabilities (Ministre des Armeses Citation2019b, 11). /Title (Fleet Cyber Command sees future Cyber Warfighting Workforce developing at NPS) On the contrary, the Military Security and Intelligence Service (MIVD) has demonstrated significant operational cyber capacity in several cases.Footnote6 Some of its work is undertaken in collaboration with the General Intelligence and Security Service (AIVD) in the Joint SIGINT Cyber Unit (JSCU).Footnote7 As a collaboration between the MIVD and the AIVD, the JSCU forms a cornerstone of the Dutch cybersecurity. As an arctic and maritime nation, U.S. economic and security interests require the Navy to work closely with U.S. interagency and foreign maritime partners to safeguard access and exploitation of Arctic resources. Fourth, in the US context, we have seen continuous debate about the dual-hat arrangement concerning the NSA and the US Cyber Command (Chesney Citation2020; Demchak Citation2021), and Lindsay (Citation2021) has recently examined and criticized the organization of the US Cyber Command. Commonwealth Heads of Government (20 April 2018), United Kingdom Ministry of Defence (February 2018), US Congress, House Committee on Foreign Affairs, (16 March 2017), Department of Defense, United States (April 2015), 112th Congress (2011-2012), Senate Bill 3523 (H.R. However, under the Joint Cyber Coordination Center (FCKS), the intelligence service collaborates and coordinates with the National Security Authority (NSM), the Policy Security Service (PST), and The National Criminal Investigation Service (Kripos) when it comes to countering and dealing with severe cyber operations (Forsvarsdepartementet Citation2020, 7677). While our work is far from complete, the following report highlights progress made and areas demanding our greatest focus to ensure success. How do I access the full text of journal articles ? It improves operational effectiveness and provides a mechanism to enhance integration and resource development. The head of the National Security Agency and Cyber Command may soon be two different jobs and the Defense Department will have a new "joint unified . It further details how each of the Office of Naval Research's (ONR) six Integrated Research Portfolios (IRPs) address the priorities for their respective naval domain customers. << The Ministry states that the ability to carry out offensive cyber operations depends on a very good understanding of the target. The Navy's community leader for Cryptology and Cyber Warfare released a new vision titled, "Navy Cryptologic & Cyber Warfare Community Vision" which serves as an aligning narrative for the community. This strategy is intended to position the United States to respond effectively to challenges and emerging opportunities arising from significant increases in Arctic activity due to the diminishment of sea ice and the emergence of a new Arctic environment. The plan highlights the Navys work in coordination with the Office of the Secretary of Defense (OSD) to build a modernized naval force that makes needed contributions to advance the Joint Forces ability to campaign effectively, deter aggression, and, if required, win decisively in combat. %%EOF This calls for cooperation and coordination across military and intelligence entities. These documents are supported by interviews with military personnel, civil servants, and scholars in the three countries. Architecting Cyber Defense: A Survey of the Leading Cyber Reference endstream Defense AT&L: November-December 2017 34 change also is needed for the Services to develop and execute an effective and efficient cybersecurity strategy. 'Cqi8fd`0"wR!|6_0zH30~33^0 {; Cyber Offense in NATO: challenges and Opportunities, Cyber Conflict Short of War: A European Strategic Vacuum, The Ontological Politics of Cyber Security: Emerging Agencies, Actors, Sites, and Spaces, Cyber Conflict vs. Cyber Command: hidden Dangers in the American Military Solution to a Large-Scale Intelligence Problem, Structuring the National Cyber Defence: in Evolution towards a Central Cyber Authority, Secrtariat gnral de la dfense et de la scurit nationale, What is the Cyber Offense-Defense Balance? Despite the divergence in organizing cyber capabilities, the three countries converge on the assumption that both responding to cyber conflict short of war and developing military cyber power are dependent on the skills, information, and infrastructure of intelligence services. Preparing for Cyber Conflict : Case Studies of Cyber Command. This includes political and legal questions of when exactly an offensive cyber operation can be regarded as a use of force. (PDF) Cyber Defense: An International View - ResearchGate This paper discusses the concept of cyber defence exercises (CDX) that are very important tool when it comes to enhancing the safety awareness of cyberspace, testing an organization's ability to . According to Sergie Boeke (2018, 28), it hampers the effectiveness and execution of Dutch cyber power that intelligence and military operations operate on different mandates, cultures, and methods of working. It is a significant factor for When is maneuvering in cyberspace for intelligence purposes vis-a-vis military cyberspace operations mutually exclusive, reinforcing, and supporting? Recent cyber incidents such as the SolarWinds,Footnote1 the Microsoft ExchangeFootnote2, and the Colonial PipelineFootnote3 hacks demonstrate how malicious cyber operations continue to question the demarcation lines between war and peace, military and civilian, and internal and external security. The final section concludes and offers recommendations for future academic and policy debate and design. He also emphasized both the long-term goal of eliminating nuclear weapons and the requirement that the United States have modern, flexible, and resilient nuclear capabilities that are safe and secure until such a time as nuclear weapons can prudently be eliminated from the world. Without the network, there is no Multi-Domain Battle. Yet, the Ministry does neither elaborate further on the relationship between intelligence and military operations nor what the internal organizational diagram looks like. The responsibilities of the agency include coordinating of the national cyber defense strategy, protecting state information networks,Footnote10 regulating critical infrastructure and the private sector, certifying products, and hosting the national Computing Emergency Response Team. Fri: 10:00 - 15:30, Author(s): Marrone, Alessandro; Sabatino, Ester, Author(s): Pawlak, Patryk; Tikk, Eneken ; Kerttunen, Mika, Global Commission on the Stability of Cyberspace, November 2019, Estonian Information System Authority, 2019, NATO Research Task Group (RTG) IST-152 Intelligent Autonomous Agents for Cyber Defense and Resilience (March 2018), U.S. Cyber Command (USCYBERCOM, March 2018, Secrtariat gnral de la dfense et de la scurit nationale, 12 fvrier 2018. Remarks by Thomas B. Modly Acting Secretary of the Navy Hampton Roads Chamber of Commerce, Hampton Roads, VA December 10, 2019. Fri: 10:00 - 15:30, NATO Secretary General's Annual Report 2020, NATO Secretary General's Annual Report 2019. Sx~otSKu'NKm c*(,G\X$u62|zJ^C1_ $7{j>3$+908 |xGcMxyI-udI&w6$E>Z@h1;{5_#wJMeB?8x7c9FFugDa+Qf;;~ LAAD Defence & Security 11 - 14 Apr 2023 | Rio de Janeiro - RJ, . Developing cyber defense capabilities for military aircraft Yet, the review does not elaborate on when, how, or in collaboration with whom. xSN@oKK/jAT#2!!VBDw4BUwx9:aM_r$F/U?|x+U_-iz The White House Blog - Melissa Hathaway (29 May 2009), White House 60-Day Cyberspace Policy Review (2009), U.S. Department of Homeland Security (February 2003). endobj PB2022 provides planned funding to procure ships included in FY2022. << 8 0 obj Why does Norway not have a standalone cyber command? . Cybersecurity has the attention of senior DoD officials and the Service chiefs. /Parent 2 0 R How to make sure that increased collaboration and sharing of (human, technical, and economic) resources across military and intelligence entities create the desired effectiveness, synergy, and flexibility? << Architecting Cyber Defense: A Survey of the Leading Cyber Reference The MIVD and JSCU are therefore crucial partners for the DCC. These are protection, military action, intelligence, and judicial investigation (Secrtariat gnral de la dfense et de la scurit nationale Citation2018, 56). extremity, deviancy, or similarity, but because they highlight more general characteristics of the organization of cyber capabilities in Europe (Flybjerg Citation2006). objective to transition to commander-driven operational risk assessments for cybersecurity readiness. Third, the proposed measures for increased cyber-security lack legal force. Update: DoD Instruction 5000.02 "Operation of the Adaptive Acquisition Framework" dated 23 January 2020 has been released. /CropBox [0.0 0.0 612.0 792.0] This was recently recalled, and contrasted with the Anglo-Saxon model, in the landmark 2018 Cyber Defense Strategic Review, drawn up under the authority of the General Secretariat for Defense and National Security (SGDSN). While we have seen a proliferation of military cyber commands among NATO members in the past decade (Pernik Citation2020; Smeets Citation2019), the military involvement in cyber affairs is often justified with reference to the permanence of cyberwar on the political side. /Contents [7 0 R 8 0 R 9 0 R] endobj Along the same line, the Ministry of Defense emphasizes, in its Defence Vision 2035: Fighting for a safer future, the need for organizational decompartmentalization when countering hybrid threats in the information environment (Ministry of Defense Citation2020, 17) and promises to devote attention to the hybrid strategic competition between war and peace (Ministry of Defense Citation2020, 23). stream stream endstream endobj startxref endobj The JSCU forms the cornerstone of the Dutch defense against advanced state-sponsored cyberattacks (advanced persistent threats) targeting ministries, infrastructure providers, and companies. Yet, as emphasized by the Norwegian Foreign Policy Institute (NUPI), given the high degree of secrecy around these issues, we do not know the division of labor between PST [Police Security Service], NSM [National Security Authority] and the Intelligence Service here, but it can be demanding to maintain concrete and formal distinctions between acquisition, impact operations, and security measures in the digital space. The DCC does not have mandate to play an active role in disrupting continuous adversarial cyber behavior short of war. Success of military operations in the physical domains is increasingly dependent on the availability of, and access . NATO and Finland step up cyber defence cooperation First, the ANSSI can respond to a computer attack affecting the national security of France by carrying out the technical operations necessary to characterize the attack and neutralize its effects by accessing the information systems that are at the origin of the attack (Gry Citation2020). Intelligence in the Cyber Era: evolution or Revolution? With the 2013 military programming law, the French defense saw the establishment of the first real operational cyber defense chain (Gry Citation2020). endobj NATO Headquarters Mimic defense: a designed-in cybersecurity defense framework DON strategy to treat innovation beyond just about buying a new platform or weapon system; by changing the way we think, challenging outdated assumptions, and removing bureaucratic processes that prevent great ideas from becoming reality. Another potential military-intelligence loophole concerns the design and development of cyber capabilities. CDR_V2N1_2017.indd 17 3/9/17 10:41 PM. It is, however, unclear whether decision-makers have systematically assessed the implications of the organizational structure for the ways in which the two dimensions relate to and shape one another at strategic, tactical, and operational levels. According to Microsoft President Brad Smith, the largest and most sophisticated attack the world has ever seen (Villarreal Citation2021). Drawing out key organizational differences and ambiguities, the analysis identified three models of organizing military and intelligence relations: A Dutch collaboration model, a French separation model, and a Norwegian centralization model. It describes both intelligence and military cyber operations as offensive actions, notes that they are usually carried out in the network of the opponent, and stresses that their execution falls under the responsibility of the chief of the intelligence service (Forsvarsdepartementet Citation2014, 6 and 17). Guidance articulates Secretary Del Toro's vision to build, train, and equip the worlds most powerful naval force to meet both todays operational demands and the warfighting needs of the future. Moreover, it spurs the risk that the operational capability and activity of intelligence and military entities are mismatched with the broader strategic or governance goals. This blueprint describes how the Department will apply naval power as we continue to prepare for a more navigable Arctic Region over the next two decades. It was prepared by the Office of the Chief of Naval Operations, Deputy Chief of Naval Operations for Warfighting Requirements and Capabilities (OPNAV N9) and approved for release by the Office of the Secretary of the Navy. /Im3 56 0 R The development and deployment of these cyber capabilities weave together strategic guidance, legal mandate, doctrinal procedures, human skills, technological capacity, and organizational arrangement (see also Slayton Citation2017, Smeets Citation2022). Reports - Cyber Defence - NATO Library at NATO Library Given the secrecy and confidentiality that shroud the topic and the lack of existing studies, the conclusions of this piece are to be considered tentative. NATO will continue to adapt to the evolving cyber threat landscape. The "Naval Aviation Vision, 2016-2025" presents a unified U.S. Navy and Marine Corps roadmap to deliver the current readiness and future capability required of Naval Aviation in support of national strategy. it is, according to the Ministry of Defense, neither necessary nor desirable to create a cyber command outside the Intelligence Service. 8 The highest-ranking civil servant in the Dutch Ministry of Defence. Registered in England & Wales No. Some of this work is undertaken in collaboration with the civilian General Intelligence and Security Service (AIVD) in the Joint SIGINT Cyber Unit (JSCU). (Liebetrau Citation2022, 16). The vision is anchored on a three-pronged approach of readiness, capability and capacity, and spans all aviation-related platforms and weapons. This should be done with great sensitivity to tangential elements of developing and deploying cyber capabilities such as strategic guidance, legal mandate, doctrinal procedures, human skills, technological capacity as well as the specificity of national contexts. This development finds support in the Strategic Vision of the Chief of Defense Staff from October 2021. The study team developed a series of observations and recommendations for continuous learning throughout the naval services. NATO and North Macedonia strengthen responses to cyber threats(19 February 2021). This paper explores how the Netherlands, France, and Norway organize their cyber capabilities at the intersection of intelligence services and military entities and provides recommendations for policy and research development in the field. In the face of a rapidly evolving cyber threat landscape, strong partnerships play a key role in effectively addressing cyber challenges. Request PDF | On Jun 1, 2017, Risa Savold and others published Architecting Cyber Defense: A Survey of the Leading Cyber Reference Architectures and Frameworks | Find, read and cite all the . This has arguably led to overly militarized approaches to cyber security (Burton and Christou Citation2021, 1732). These principles encompass the DONs cyberspace activities across the entire competition continuum, from day-to-day competition to crisis and conflict. /Contents 34 0 R Secretary of the Navy, Year 3 strategic vision, goals, and implementation guidance FY2020-2023. It states that the post-cold war peace-crisis-war continuum no longer applies. 98 0 obj <> endobj This calls for cooperation and coordination across military and intelligence entities. /Parent 2 0 R Brussels Summit Declaration. This raises concern that the operational cyber capability of the Netherlands is hampered by the current organizational structure and legal mandate. Instead, its operations are based on a specific intelligence services legislation.Footnote9 The legal framework does allow MIVD to conduct counter-operations. Belgium, Mon - Thu: 10:00 - 17:00 August DEFENSE CYBERSECURITY - Government Accountability Office << They suggest that strategy must be unshackled from the presumption that it deals only with the realm of coercion, militarised crisis, and war in cyberspace (Harknett and Smeets Citation2022, 2). 9 These operations are based on 2017 Intelligence and Security Services Act and are not conducted as military operations. 2 A Chinese-led hacking spree exploiting vulnerabilities in Microsofts Exchange Server to gain access to more than 30.000 victims in the US alone (Conger and Frenkel Citation2021). hbbd``b`$ +qUAD=""gVH0* /Parent 2 0 R Language in the 2017 National Defense Authorization Act called for the elevation of U.S. Cyber Command's status and the end of the "dual-hat" role for its leader. Private Sector Cyber Defense : Can Active Measures Help Stabilize Cyberspace ? Navy Emphasizing Maritime Cybersecurity Investments European Parliament, Scientific Foresight Unit (STOA), PE 603.175, May 2017. /Type /Catalog >> While much of the US-driven academic debate has focused on if and how cyber operations reach the threshold of war, this paper focuses on the organizing of offensive capabilities between military and intelligence in Europe. /Contents 13 0 R Nurturing such debate is crucial to achieve the best decisions about how to organize and develop cyber capabilities, how to use it, and how to secure transparency and accountability. /Type /Page , NATO Resources - Cyber Defence - NATO Library at NATO Library /ExtGState 54 0 R View GAO-17-512. /Type /Page 6 0 obj Cybersecurity in the EU Common Security and Defence Policy (CSDP) : Challenges and Risks for the EU, The Cyber-Enabled Information Struggle : Russia's Approach and Western Vulnerabilities, An Analysis of Threat Perceptions : Combating Cyber Terrorism : The Policies of NATO and Turkey, Evaluated Using Game Theory in the Context of International Law, Cyber Security in the Energy Sector : Recommendations for the European Commission on a European Strategic Framework and Potential Future Legislative Acts for the Energy Sector, From Awareness to Action - A Cybersecurity Agenda for the 45th President, Guide to Cyber Threat Information Sharing, Putins Cyberwar : Russias Statecraft in the Fifth Domain, Governing Cyberspace : A Road Map for Transatlantic Leadership. DGSE is the most important service in this regard. /Annots [35 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R /C [0.718 0.329 0.0] Author (s): Pernik, Piret. As paradigmatic cases they were not chosen because of e.g. The aim of this strategy is to ensure safe, secure, and environmentally responsible maritime activity in the Arctic. Cyber Defence: Cyber threats to the security of the Alliance are complex, destructive and coercive, and are becoming ever more frequent. This report is the Department of the Navy (DON) 30-year shipbuilding plan for the FY2022 Presidents Budget (PB2022). Full article: Organizing cyber capability across military and This document provides a discussion of how Naval Aviation leadership intends to support "A Cooperative Strategy for 21st Century Seapower," and is aligned to the Chief of Naval Operations' guidance, "A Design for Maintaining Maritime Superiority," and the Commandant of the Marine Corps' "FRAGO 01/2016: Advance to Contact." 2 0 obj Third, a literature on cybersecurity governance has examined how different models of publicprivate partnerships shape cyber crisis management (Boeke Citation2018a), how states navigate between functional and national security imperatives to design governance arrangements (Weiss and Jankauskas Citation2019), what governance requirements transboundary cyber crisis entail (Backman Citation2021), and how a Central Cyber Authority (CCA) can help structure national cyber defense (Matania, Yoffe, and Goldstein Citation2017). 9/6/2017 11:24:25 AM . The organizational separation contains multiple ambiguities. /Kids [4 0 R 5 0 R 6 0 R] This is not least important in the context of a new EU Strategic Compass that aims at expanding the unions capacity to tackle cyber threats, disinformation and foreign interference (European Union External Action Service Citation2022, 7), and a new Strategic Concept for NATO stating that cyberspace is contested at all times. The United States Navy, as the maritime component of the Department of Defense, has global leadership responsibilities to provide ready forces for current operations and contingency response that include the Arctic Ocean. /Version /1.5 Drawing out these three models of organizing cyber capabilities and their dominant characteristics, should be considered a starting point for further explorations and discussions of how European countries can and ought to organize their cyber capabilities across intelligence and military entities. /AAPL#3AKeywords [()] This strategy establishes objectives to meet this aim and support national policy. An additional argument for the centralized model was given by the Ministry of Defense in written communication with the author. The United States Army War College educates and develops lead ers for service This paper discusses the need for an agile structure to inform the development of cybersecurity solutions that are not only widely adaptable to unknown threats, specific business practices, and technical requirements, but are also efficiently translatable to products. The COMCYBER is responsible for the military action chain. x[sSL%bp J+)YMA(e} UN_N?>3|6*gO|_Vm9^vrq]~uVz^g.