2017 TechNet Augusta

TechTalk Session 1: "Transforming DCO Infrastructure for DoD and IC" (Room Lamar A)

Approved for 1 GIAC CPE

This session will highlight the challenges facing the DoD and IC as they continue to chase cyber threats across all tiers of existing DoD infrastructure. The complexity of the sensor grid, the vast array of datasets, the sheer volume of data, and its velocity from the sensor grid continue to complicate the mission to defend DoD networks and tiers.

The Defensive Cyber Operations (DCO) infrastructure must be transformed to meet the challenges of advanced cyberattacks that continue to grow in complexity, scope, and number, and to truly defend the cyber landscape.

Big Rocks:

• Data acquisition and aggregation from tactical edge to the enterprise
• Big data and rapid analytic development
• Modern and scalable compute, storage, and network infrastructure (out of band)
• Secure and accredited cross domain infrastructure
• Centralized Access Control and Identity Management (IdAM)
• Cross-community sharing and collaboration

Capabilities to Enable Success:

• Localized data collection and analytics
• Out-of-band network transport to avoid saturation of existing operations network
• Multi-tier and multi-level data enrichment and correlation
• Distributed query and analytics
• Near real time data aggregation and fusion of cyber, electronic warfare, and intel
• More rapid technology infusion enabled by on-demand compute and storage for advanced, machine-based analytics, behavior and trend analysis, and machine learning
• Ability to rapidly adapt tools and approach to observable patterns of attack
• Policy that catches up to technology

A model for DCO infrastructure transformation will be presented in this session.