AFNIC/NIA Architecture as a Service · SparX Enterprise Architect V12. Cyber Engineering and...

Cyber Engineering and Integration Excellence AFNIC/NIA Architecture as a Service Jamie “Mike” Wilson AFNIC/NIA 29 Aug 2018

Page 1

Cyber Engineering and Integration Excellence

AFNIC/NIA Architecture as a Service

Jamie “Mike” Wilson AFNIC/NIA

29 Aug 2018

Page 2

Overview

• What Do We Do?
• Why Model?
• How We Do It (Examples)
• What’s The Way Ahead?
• Where is it?
• Other Questions?

Page 3

What Do We Do? Architecture Hierarchy

[Figure: architecture hierarchy diagram. Labels recoverable from the slide:]

• Hierarchy levels: Joint Architectures; Joint Capability Areas; DoDIEA; Joint Reference Architectures; Joint Solution Architectures; Service Core Functions; AF Capability Segments; AF Reference Architectures; AF Solution Architectures; CSEA Family of Architectures
• Service Core Functions: Nuclear Deterrence Operations; Air Superiority; Space Superiority; Cyberspace Superiority; Rapid Global Mobility; Building Partnerships; Global Precision Attack; Special Operations; Command and Control; Personnel Recovery; Global Integrated ISR; Agile Combat Support
• Transport; Data & Services; Computing Services; Secured Availability; Network Ops
• Architectures: JIE; Cyberspace Superiority Enterprise Architecture (CSEA) 2024; AF Network Operations (AFIN Ops); Defensive Cyberspace Operations (DCO); CDA; CVA/H; ACD; C3MS; CSCS; AFINC; JRSS; S-JRSS; IPN; ISN; MPE; KO; ISR; EITSM; AFNET; SIPRMOD; IdAM; Cyber Range
• Annotations: Fit for Purpose; DoD-wide Use; Fit for Federation; Mr Fred Lewis, AF Chief Architect; Mr. Dana Deasy, DoD CIO; ACC Chief Architect; TBD
• Legend: R = AFNIC submitted core products

Page 4

Why Model?

• All forms of engineering rely on models to understand complex, real-world systems

• Models facilitate the communication of key system characteristics and complexities to various stakeholders

• Models provide abstractions of a physical system that allow engineers to reason about the system by ignoring extraneous details while focusing on relevant ones

• Models are used to reason about specific properties of the system when aspects of the system change and can assist in predicting system qualities

• Depending on the context, different elements can be modeled, providing different views that ultimately facilitate:
  • analyzing problems
  • proposing solutions

• Applying different kinds of models provides a well-defined style of development, providing the ability to re-use common approaches

Sashi Thangaraj (SAIC), "Introduction to Model Driven Architecture (MDA)", NCICB Software Development Processes Facilitating Systems Interoperability

Page 5

Why Model? Uses Of Architectures

Building a repository of decision-supporting information sources

1. CAPABILITY BASED PLANNING: Supporting operational planners' analyses by defining ops activities, system functions, info/data needs and their relationships (e.g., CRRA HPTs)

2. RESOURCE PLANNING & MGMT: Who should buy what, i.e., PPBE support to Capital Planning and Investment Control (CPIC) process; comparative analyses of proposed investment strategies

3. SYSTEM DEVELOPMENT & ACQUISITION: Required functionality, interfaces, information exchanges, services and information infrastructure, including technical standards

4. PORTFOLIO MANAGEMENT: Applying Reference Models to promote std descriptions of activities, orgs, systems, data, technologies, and functionality for redundancy ID and reuse

5. OTHER USES:
   1. Education and Training
   2. Exercise/Innovation
   3. Test and Evaluation
   4. …etc.

Page 6

How We Do It: DoD Funds Capabilities

If these things are important to your enterprise, they should be in your architecture

[Figure: conceptual data model from DoD Architecture Framework V2.02, Change 1, Vol I, 31 January 2015. Labels recoverable from the slide:]

• Elements: Capability; Activity; Resource; Materiel; Information; Data; System; Service; Person Role; Organization; Condition; Guidance; Rule; Standard; Agreement; Location; Geo Political
• Relationship labels: achieves desired state of; is realized by; is performed under; requires ability to perform; consumes and produces; is performed by; constrains; is at; describes something
• Callout: FUNDING HAPPENS HERE

Page 7

How We Do It: Draft Cyberspace “Domain” Model

The Domain Model captures a description of what the software knows about the domain and the objects it contains.

SparX Enterprise Architect V12

Page 8

How We Do It: Draft Cyberspace “Domain” Model

Page 9

How We Do It: CV-2 Capability Taxonomy

[Figure: class diagram "CV-2 CSEA 2024 with Capabilities Supporting Higher Level Architectures With Lower Level CSEA Capability Breakdown2"]

Legend:

• Joint Capability Area (JCA) CV-2 Capabilities
• DoD Information Enterprise Architecture (DoDIEA) CV-2 Capabilities
• STRATCOM Situational Awareness Capabilities (SA) CV-2
• Cyberspace Superiority Enterprise Infrastructure (CSEA) CV-2 Capabilities

Capability labels recoverable from the diagram include:

• Joint Capability Areas; Battlespace Awareness; Command and Control; Communications & Computers; Protection; Force Support; Logistics; Force Application
• Connect, Access and Share; Operate and Defend; DoDIN Capabilities
• Provide Mission Awareness; Provide Network Awareness; Provide Threat Awareness; Awareness Sharing
• Department of Defense Information Network (DoDIN) Operations; Network Extension and Resiliency; Cyberspace Command & Control; Cyberspace Intelligence, Surveillance, Reconnaissance (ISR) & Situational Awareness (SA); Data Confidentiality & Integrity Systems (DCIS); Persistent Network Operations (PNO)
• Offensive Cyberspace Operations (OCO); Proactive Defense (PD); Defensive Cyberspace Operations (DCO); Cyber Range Operations; Knowledge Ops Linked Capabilities
• Secure Information at Rest; Secure Information in Motion; Access Authentication/Authorization for Storage; Access Authentication/Authorization for Retrieval; Encryption for Storage; Decryption for Retrieval; Authentication/Authorization for Transmittal; Information Protection for Transmittal; Encryption for Transmittal; Decryption for Reception

Page 10

Cyberspace Weapon Systems: Operational Concept Graphics

Incorporating Operational Needs Into DoDAF Architecture

[Figure: USAF Cyberspace Defense Analysis (CDA) Operational View (OV-1) Graphic. Marked "Unclassified; For Official Use Only". Labels recoverable from the slide:]

Cyberspace weapon systems:
• CYBERSPACE DEFENSE ANALYSIS
• CYBERSPACE VULNERABILITY ASSESSMENT / HUNTER
• AIR FORCE CYBERSPACE DEFENSE
• CYBER COMMAND AND CONTROL MISSION SYSTEM
• CYBERSPACE SECURITY AND CONTROL SYSTEM
• AIR FORCE INTRANET CONTROL

CDA Monitors and Assesses:
• USAF Unclassified Voice Networks
• RF Spectrum; HF -> SHF bands, LMRs, Mobile Phones, Wireless LANs
• Electronic Mail Traversing the AFNET
• Social Media Network info originating in AFNet & posted to public sites not owned, operated, or controlled by DoD or US Gov

CDA Produces:
• Classified Message Incident (CMI) Report
• Operations Security (OPSEC) Report
• Information Protection Alerts (IPA)
• Web Risk Assessments (WRA)
• Cyberspace Operational Risk Assessments (CORA)

Other labels on the graphic:
• AFNET
• Personally Identifiable Information (PII) Breach Reports
• Network Defense Support Report
• Threat Status Reports and Information

USAF CDA Team:
• Cyberspace Ops Controller (1)
• Cyberspace Defense Analysts (3)
• AF Cyberspace Defense Analysis Operations Console (notional)

Page 11

Cyberspace Weapon Systems: Use Cases and Mission Threads

[Figures: Manage Change Activity Model; Approve Change Sequence Diagram; Configuration Management Data Model]

~48 Use Cases & Mission Threads
- Process Models
- Sequence Diagrams
- Data Models
- Roles & Responsibilities

Operator Involvement Critical for Accurate/Current Mission Threads

Page 12

Cyberspace Weapon System: Data Flow Matrix

[Figure: data flow matrix. Labels recoverable from the slide: Wrap; NR KPPs; Use Case; CCIR; JS/J6 Focus; DTIC Test Plan; Performance; System Function]

Architecture Provides Key Input To Testing Criteria

Page 13

How We Do It: System Nodes w/ System Function Overlay

Where are the Policy Enforcement Points? Who Controls Them? With What?

Page 14

Where Is It? AFNIC Architecture Home Page

https://cs2.eis.af.mil/sites/10344/arch-eng/afnet/default.aspx

~ 1,500 REGISTERED USERS

DoDAF-compliant Architectures for:
• Cyberspace Superiority 2012, 2016, 2024
• Defensive Cyber Ops
• Six (6) Cyberspace Weapons Systems
• Enterprise IT Service Management
• Knowledge Operations
• AF Network (AFNet)
• SIPR Modernization (AFNet-S)
• Cyber Range
• ISR Information
• JIE Joint Regional Security Stacks
• JIE Installation Services Nodes
• 50+ UML Cyber Ops Use Cases

Requirements Traceability
• Joint Capabilities Areas
• DoD Information Environment Arch
• Joint Common System Functions

Page 15

Questions?

Your Brain on Architectures

Page 16

SERVITIO DEDICATI75