国家网络防御中心：走向全国网络安全的关键下一步.docx

《国家网络防御中心：走向全国网络安全的关键下一步.docx》由会员分享，可在线阅读，更多相关《国家网络防御中心：走向全国网络安全的关键下一步.docx（96页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、Contentsfiguresvtables vSummaryviiCyber Threats to US National Security 1Cyber threats below the level of Armed Conflict2Cyber Attacks in Crisis or Conflict4linkages between Cyber threats above and below the threshold of Armed Conflict5US Cyber Defense Strategy7What an NCDC Would Do11Cyber Deterrenc

2、e12Active Cyber Defense 14offensive Cyber Actions in Support of Cyber Defense15Cyber incident Response16Preparing for and Conducting Coordinated Cyber Defense in Crisis or Conflict18Prioritizing engagement with Key Partners19identifying escalation Risks that Could Arise in Day-to-Day execution of Ca

3、mpaign Plans19Prioritizing Key Private Sector and international Partner engagements19NCDC Supporting function: Provide a Continuous Net Assessment Process24Accelerating technology insertion 26What an NCDC Would Not Do 26NCDC Organizational Relationships, Structure, and Staffing27NCDCintheoNCD 27orga

4、nizational Structure of an NCDC27leadership and Staffing of an NCDC29Creating a National Cyber Cadre31NCDC Relationships with the NSC and DHS 31organizational Placement and Physical location 35 providers, cloud service providers, and cybersecurity companies could allow them to modify their services

5、to help a large number of private sector companies, citizens, and the US government.A key role of the NCDC would be to identify barriers to effective and timely private-public partnerships and advocate for changes in the US government necessary to improve the overall cyber defense posture of the Uni

6、ted States. Todays system is not set up for operating at the speed of relevance in crisis or conflict, and as a result, in a great power crisis or conflict, there would almost certainly be avoidable failures to “connect the dots” (or avoidable errors in rushing to judgment and incorrectly connecting

7、 dots) and to take action in a timely manner.A continuous net assessment process for cyberspace can be thought of as an ongoing simulation of strategic interactions in cyberspace between the United States and each competitor/adversary (and other relevant players).engaging State and local Governments

8、 and US Allies/PartnersThe NCDC must have strong connectivity with US states and localities to coordinate cyber efforts, including law enforcement and National Guard support. As seen in other national disaster response activities, large cities can be on the front lines and can often provide the earl

9、iest warnings that an attack is underway. One component of the NCDC, perhaps led by a senior Department of Homeland Security (DHS) person with a Federal Bureau of Investigation (FBI) deputy and connected closely to DHSs Cybersecurity and Infrastructure Security Agency (CISA), would be responsible fo

10、r bringing state and local governments appropriately into the planning process and engaging them in operational coordination. Such planning and coordination could also be facilitated by creating secure collaboration capabilities between state cyber “experl centers and the NCDC.The engagement of key

11、US allies and partners in the US governments cyber defense efforts is essential both to improving the defense of US networks and to deterring aggression overseas. The NCDC would be responsible for coordinating and proposing priorities for such engagements across domestic, defense, and intelligence a

12、gencies. One early objective for an NCDC might be to increase the coordinated activities of “like-minded nations and entities.Key Supporting function: A Continuous Net Assessment ProcessIt would be unrealistic to expect effective planning or coordinated government and private sector action to occur

13、day to day or in crisis/conflict in the absence of a shared common perspective of the current situation and an ability to share a visualization of potential future developments. Sustaining a shared common perspective requires creating and maintaining a pl at I or m for securely sharing data and anal

14、ytical insights within the US government and with select private sector partners, at appropriate classification levels. Sharing a visualization of potential future developments requires, additionally, a ganiing/sirnulation platform for conducting (human and machine) simulations and analyses aiming t

15、o anticipate the most likely and most dangerous future adversary courses of actionsincluding responses to actions that the United States might take.Providing shared perspectives on the current situation and potential future developments, through tailored visualization tools based on a wide range of

16、data sources, would be a key role of the NCDC. Such a continuous net assessment process would not be able to “predict precisely what the adversary will do, but over timeand with continued reality testingthe US ability to anticipate potential adversary courses of action should improve. A continuous n

17、et assessment process for cyberspace can be thought of as an ongoing simulation of strategic interactions in cyberspace between the United States and each competitor/ adversary (and other relevant players).This process would be supported by intelligence/counterintelligence assessments and informed b

18、y tabletop war gaming, modeling and simulation, and results from cyber range activities. The objective is not only to assess the current situation but also to assist intelligence analysts, planners, and decision-makers in anticipating potential future adversary courses of action, alternative US opti

19、ons, and how those actions and options may interact with each other and with other key actors choices.Such a net assessment process would help highlight areas where additional information and intelligence are most needed. Because adversaries are adapting as they exploit emerging cyber vulnerabilitie

20、s, this net assessment process could also generate testable hypotheses regarding next adversary moves so that intelligence assets can be directed appropriately, defensive measures can be taken, and offensive measures can be preplanned, lb counter adapting adversaries, this net assessment process mus

21、t exploit new technologies, such as artificial intelligence and machine learning.The NCDC could achieve an initial operating capability with fewer than one hundred personnel, perhaps with as few as thirty to forty.NCDC organizational Structure and StaffingAn NCDC would be an integral part of the con

22、gressionally mandated ONCD. The organizational structure of the NCDC could, and probably should, evolve over time. From the outset, its organization should be based on a few key principles. The director should be a senior civilian with both senior-level US government and private sector experience as

23、 well as the confidence of the National Cyber Director and the deputy national security advisor for cyber and emerging technology. The vice director should also be an experienced leader, with complementary expertise and background, and would likely be either active duty, reservist, or a member of th

24、e National Guard. Deputy directors should, as a group, have experience across all key departments and agencies, including the Departments of Homeland Security, Defense, State, and Treasury as well as various elements of the Intelligence Community. To ensure a continued focus on cyber adversaries, cr

25、itical planning and coordination activities should take place in “country cells (China, Russia, etc.), and the staffing for each would be drawn from multiple departments and agencies. Because the NCDC would be an extraordinarily lucrative target for cyber espionage and attack, it would need a top-no

26、tch chief information officer and chief information security officer and would need to exemplify as well as enable a diverse set of advanced tools and techniques for active cyber defense. All offices (generally under deputy directors) should be organized not by department/agency but by function, wit

27、h each having an interagency composition and with each being composed significantly of detailces from key departments and agencies.The NCDC would not displace department and agency cyber centers, but would coordinate their work. Federal cyber centers, such as the FBIs National Cyber Investigative Jo

28、int Task Force and DHSs CISA Central, would continue their work while supporting planning and coordinated campaigns orchestrated by the NCDC. Similarly, the Intelligence Communitys Cyber Threat Intelligence Integration Center would see the NCDC as a critically important customer; even as it continue

29、d to provide strategic intelligence to the NSC, it would build its capacity to provide operationally relevant and timely intelligence to the NCDC.The NCDC could achieve an initial operating capability with fewer than one hundred personnel, perhaps with as few as thirty to forty. Although the enablin

30、g legislation for the ONCD caps total personnel at seventy-five, the legislation specifically allows the office to “utilize, with their consent, the services, personnel, and facilities of other Federal agencies：” Thus, for example, a onc-hundrcd-pcrson NCDC that was 60 percent detailees would count

31、only against forty of the allowed seventy-five ONCD slots. Such a model makes good sense in any event: to effectively integrate the authorities of various departments and agencies, the NCDC should be composed mostly of detailees from key departments and agencies.The NCDCs interagency staff would con

32、duct planning, coordinate already- approved interagency actions, and raise new proposals and any concerns regarding department/agency noncompliance with the NSC.In order to succeed over time, the NCDC will need to compete successfully for its share of talented cyber professionals. Given the importan

33、ce of this national center, the president might direct department and agency heads to provide their best personnel to field an all-American cyber defense “dream team” and could further make a personal appeal to industry CEOs. Over the course of a decade or so, after there had been five or more rotat

34、ions of detailed/assigned personnel from the US government and private sector, an informal network within the federal government and between it and the private sector will have been established. If over this period the NCDC averaged seventy personnel with fifty being rotational, there could be a cad

35、re of 250 or more highly trained, experienced, and networked personnel who had rotated through the NCDC.This reality creates an important opportunity for the NCDC to serve as a flywheel for interagency and national-level training and education on cyber defense (including, in particular, experiential

36、 learning through exercises and real-world operations). An enlightened NCDC leadership would work to maximize this benefit through training and education efforts and the encouragement of continued professional relationships among those who had served in the NCDC.National Defense Authorization Act fo

37、r Fiscal Year 2021, H.R, 6395.How an NCDC Would operateThe NCDC s interagency staff would conduct planning, coordinate already-approved interagency actions, and raise new proposals and any concerns regarding dcpartmcnt/agcncy noncompliancc with the NSC. Such actions would be administratively straigh

38、tforward.The NCDC director would request approval fbr new activities from the dcpartmcnt(s) or agency hcad(s) with the requisite authorities, simultaneously sending the request to the NSCs deputy national security advisor fbr cyber and emerging threats fbr interagency consideration. The deputy natio

39、nal security advisor would have the prerogative-and the responsibility-to determine whether to call fbr NSC meetings, and if so, with what urgency and at what level (full NSC chaired by the president, Principals Committee chaired by the national security advisor. Deputies Committee chaired by the de

40、puty national security advisor, or a supporting interagency working group).For extremely time-urgent decisions, department and agency heads could approve execution before interagency consideration; in this case, an operation could be initiated even as NSC consideration was beginning. The relevant de

41、partment or agency head would be accountable to the president for justifying their choice to proceed. In cases that involved both time urgency and a very good understanding of escalation risks, over time this decision authority could be delegated further, with the objective of having the vast majori

42、ty of actions taken by department and agency heads or their subordinates, with concurrent notification of the NSC staff. Of course, at any time the president may direct the execution, or nonexecution, of a proposed new activity.What an NCDC Would Not DoAn NCDC would fill a current gap in US governme

43、nt organization and processes relating to cyber defense by integrating department and agency cyber defense operations (including supporting information and intelligence) through campaign planning and operational coordination. It is also important to note what it would not do. The NCDC would not set

44、strategic direction fbr the nation; this would remain the job of the president and NSC. NCDC planning would be conducted under presidential guidance and reviewed in an NSC process; its operational coordination would be subject to NSC oversight while respecting the authorities of department and agenc

45、y heads. The NCDC would not have “command and conuol” authority over department and agency heads or supplant the need fbr them to build capacity. Indeed, the NCDC s success would depend on departments and agencies continuing to exercise their authorities and build cyber expertise and increased capac

46、ity to fulfill their roles. The NCDC would not (1) direct operations (the president, or appropriate department and agency heads, would do so); (2) conduct operations (departments and agencies would do so); (3) plan or coordinate cyber operations not related to national cyber defense (e.g., military

47、cyber operations aimed at supporting regional combatant commanders); or (4) plan or oversee passive cybersecurity standards or the development of more defensible cyber architectures and components.xviTHE JOHNS HOPKINS UNIVERSITY APPLIED PHYSICS LABORATORYorganizational Placement and Physical locatio

48、nThe NCDC would not fit in the NSC, quite literally, given the legislative staffing cap of two hundred NSC personnel. Even if the cap were increased, the NSC staff should be focused on coordinating and overseeing the implementation of strategy and policy, not conducting ongoing campaign planning and

49、 coordinating operations. Placing the NCDC in DHSs CISA, or in another department or agency, would be a prescription for failure. Developing and coordinating the execution of national campaign and contingency plans for cyber defense-plans that really matter-will require departments and agencies to share sensitive intelligence and operational capabilities; a standing interagency body in the Executive Office of the President is needed to make this work. In additio