Cyber Academic Group

Chair

Cynthia E. Irvine, Ph.D.

Professor

Glasgow East Room 211

831-656-2461, DSN 756-2461

irvine@nps.edu

Associate Chair

Dorothy Denning, Ph.D.

Professor

Root Hall Room 225A

831-656-3105, DSN 756-3105

dedennin@nps.edu

David L. Alderson, Assistant Professor (2006), Ph.D., Stanford University, 2003.

Raymond J. Buettner, Jr. Associate Professor (1999), Ph.D., Stanford University, 2003.

Randy Burkett, National Intelligence Chair; Central Intelligence Agency Representative (2010), M.A., Naval Postgraduate School, 1989.

Rudy Darken, Professor (1996), Ph.D., George Washington University, 1995.

Dorothy Denning, Distinguished Professor (2002), Ph.D., Purdue University, 1975.

Chris Eagle, Senior Lecturer (1997), M.S., Naval Postgraduate School, 1995.

Shelly P. Gallup, Research Associate Professor (1999), Ph.D., Old Dominion University, 1998.

Deborah E. Goshorn, Research Assistant Professor (2010), Ph.D., University of California, San Diego, 2010.

Steven J. Iatrou, Senior Lecturer (2000), M.S., Naval Postgraduate School, 1992.

Cynthia E. Irvine, Professor and Chair (1994), Ph.D., Case Western Reserve University, 1975.

John McEachen, Professor (1996), Ph.D., Yale University, 1995.

Harrison Schramm, CDR, USN, Military Instructor (2010), Naval Postgraduate School, 2006.

Andy Singer, RADM, USN (Ret.), Senior Advisor, to Deputy Chief of Naval Operations for Information Dominance/Director of Naval Intelligence (N2/N6), (2010), M.S., National War College, 1995.

Pantelimon Stanica, Professor (2006), Ph.D., State University of New York at Buffalo, 1998.

Weilian Su, Associate Professor (2004), Ph.D., Georgia Institute of Technology, 2004.

Brief Overview

Cyberspace is now a primary warfare area. Establishing US Tenth Fleet/Fleet Cyber Command, combined with the Deputy Chief of Naval Operations for Information Dominance (N2N6) forms an enterprise able to address the opportunities and challenges for Cyber Systems and Operations (CSO) within the Navy’s vision for the Information Dominance Corps (IDC). Reflecting a growing cognizance of the importance of cyber operations, other elements of the U.S. military and U.S. Government, such as the Department of Homeland Security, have created similar or complementary organizations. Optimization of the military and U.S. Government value of cyber for future operations will require leaders who both understand how to defend our networks from penetration and employ cyber capabilities to ensure an advantage in future operations. Essential to this objective is a cadre of officers able to address the broad range of cyber operations: computer network attack, defense, and exploitation; cyber analysis, operations, planning and engineering; and cyber intelligence operations and analysis.

The Cyber Academic Group (CAG) is an interdisciplinary association of faculty and academic professorships representing six different academic disciplines. Established by the Naval Postgraduate School (NPS) on 23 September 2011, The Cyber Academic Group has responsibility for the academic content of the Cyber Systems and Operations curriculum. Instruction in this interdisciplinary program is carried out by the members of this academic group and by faculty primarily from the following academic departments: Computer Science, Electrical and Computer Engineering, Defense Analysis, and Information Systems. The group chair approves the thesis topics and final theses for students in the Cyber Systems and Operations curriculum.

Degree

Master of Science in Cyber Systems and Operations

The Cyber Systems and Operations students are awarded the Master of Science in Cyber Systems and Operations degree. Eighteen courses and a thesis are required. The plan of study includes graduate-level courses emerging from four different academic disciplines. As a new and rapidly evolving discipline that intersects a variety of traditional studies, the degree program has been carefully constructed with a large number of unique courses under the cyber purview.

Complementing focused, technically deep programs in the traditional departments, the MS in CSO degree addresses the broad range of cyber topics needed by leaders, managers, and operators serving DOD and U.S. Government missions.

Graduates will be prepared to lead offensive and defensive operations and optimally employ the GIG in support of all Navy missions. Immersed in the active challenges facing the Navy, graduates will return to the fleet equipped with the tools and foresight to recognize and solve current and future cyber-related challenges.

Cyber Systems and Operations (CSO)- Curriculum 326

Program Manager

Owen Schoolsky, CDR

831-656-2678, DSN 756-2678

Code 73, Spanagel Hall, Room 401A

omschool@nps.edu

Academic Associate

Deborah J. Goshorn, Ph.D.

Spanagel Hall, Room 530C

831-656-3298, DSN 756-3298

Fax 831-656-2760

degoshor@nps.edu

Brief Overview

The Cyber Systems and Operations (CSO) degree addresses a broad range of cyberspace operations: computer network attack, defense, and exploitation; cyber analysis, operations, planning and engineering; and cyber intelligence operations and analysis. Complementing focused, technically deep programs in the traditional departments, the Master of Science in Cyber Systems and Operations degree addresses the broad range of cyber topics needed by leaders, managers, and operators serving military missions.

Designed for a cadre of students with diverse backgrounds, this degree program is intended to provide a deep understanding of the national and military application of integrated lines of operation including operation of the global information grid (GIG), defensive and offensive cyber operations, and the required technical and nontechnical intelligence operations underpinning these. Students will learn how to seize and sustain an information advantage through all stages of operations, from early warning through detection, planning, targeting, cyber fires, assessing effects and resetting for follow-on plans and operations.

Site visits, laboratory exercises, seminars, guest speakers, and practical workshops complement traditional instruction. A semiannual cyber exercise is integrated into the curriculum. Thesis research will allow students to address topics of interest to stakeholders under the supervision of faculty experts. Tight integration with the front line war fighter and with relevant U.S. Government elements will ensure that thesis research is on target and rapidly integrated.

Requirements for Entry

This curriculum is open to officers of the U.S. Armed Forces and civilian employees of the U.S. Federal Government. A baccalaureate degree, or the equivalent, with grades resulting in an APC of at least 344 is required for direct entry. A TOP SECRET clearance is required with SPECIAL INTELLIGENCE clearance obtainable for all students.

Entry Date

Cyber Systems and Operations is a six-quarter resident course of study with entry dates in March and September. Future offerings are expected to provide the curriculum via web-based and hybrid learning options for non-resident students. The duration will depend upon the number of simultaneous courses taken. If further information is needed, contact the Academic Associate or Program Officer for this curriculum.

Degree

The Master of Science in Cyber Systems and Operations degree is comprised of eighteen courses involving 66 credit hours of graduate-level work, which, in combination, provide a coherent, logical approach to a complex and rapidly evolving military and government domains. In addition to course work, each student must complete a Master's thesis.

The Master of Science in Cyber Systems and Operations is awarded after the satisfactory completion of a program meeting, as a minimum, the following degree requirements:

• All courses must be satisfied through the course of study or through validation prior to graduation.
• Minimum degree requirements of the NPS must be met.
• Completion of an acceptable thesis in addition to the course requirements.

Program Length

Six Quarters with JPME.

Typical Course of Study

Quarter 1

Quarter 2

Quarter 3

Quarter 4

Quarter 5

Quarter 6

Students not required to complete the JPME course of study while working on a degree at NPS may omit NW3230, NW3285, NW3275, and NW3276.

Curriculum Major Area Sponsor

DCNO for Information Dominance (N2/N6).

Educational Skill Requirements

1. Cyber Functions and Fundamentals. In order to provide Officers skilled in the applications of Cyberspace to military needs, the Officer will have competence in the following functional areas:
   • Securely Provision
   • Operate and Maintain/Network Operations/DoD Global Information Grid Operations (DGO)
   • Active Defense/Defensive Cyberspace Operations (DCO)
   • Operate and Collect/Cyber Intelligence/DCO
   • Analyze and Advise
   • Offensive Cyberspace Operations (OCO)
   • Investigate
   • Communications Electronic Attack (Comms EA)
   • Red and Blue Team Assessments
2. Military Applications and Cyberspace Operations. The Officer will have a thorough knowledge of problem identification, formulation, and application of tools necessary to support decision making through all stages of operations in support of National and Military objectives in the cyberspace domain to include DGO, DCO, and OCO. Attention will be given to military applications, with particular focus on the ways in which Cyber active defensive mechanisms and offensive effects can be assimilated at a high speed in conjunction with other warfare areas and can be applied to achieve Assured Command and Control, Freedom of Maneuver in Cyberspace, support to the Targeting Cycle and the ability to deliver COCOM Desired Effects.
3. Organizational Construct and Policy. The Officer will have an in-depth understanding of the administrative and operational structure of the various organizations and Commands that will either be operating in a supported or supporting role. Additionally, the Officer will have a detailed and conceptual understanding of doctrine and the contingent use of non-kinetic force based on Rules of Engagement (ROE) and ultimately National policy.
4. Cyber System of Systems Engineering, Acquisition and Program Management. The officer will understand system of systems engineering for creating a new cyber system in the GIG (which may be an upgrade to existing system) upon identification of a cyber capability gap, including gaps that support the GIG infrastructure indirectly. This includes identifying the cyber system concept of operations, identifying cyber requirements for the new system which comply with mandated policy, creating preliminary architecture for the cyber system, assessing detailed architecture, assessing integration of new system with existing systems, assessing test and evaluation of system, and understanding documentation describing operation and maintenance of new cyber system. The Officer will understand the purpose and concepts, fundamentals and philosophies of the defense systems acquisition process, and practical application of program management methods within this process.
5. Independent Research. The Officer will demonstrate the ability to conduct independent investigation in the context of a Joint multi-INT network-centric system of systems within an open framework of the Global Information Grid (GIG) with respect to friendly and/or adversarial systems. Furthermore, the Officer will determine how to resolve the underlying issues and present the results of analysis in both written and oral form.
6. Joint Maritime Strategic Planning. The Officer will have an understanding military history, joint and maritime planning, and strategy and policy involved in military operations.
7. Cyber Infrastructure within the GIG. The Officer shall identify and assess friendly and adversarial GIG infrastructures, modeled as operations –centric network systems of systems, for both advantaged and disadvantaged users. The officer will explain existing and emerging GIG infrastructures including (1) bottom-up systems for either data collection (raw sensor and extracted intelligence generation) or effects delivery, (2) middleware systems for smart push/pull services in a cloud/service-oriented-architecture (SOA) infrastructure, (3) top-down systems for command and control with a common operational picture, and (4) core infrastructure systems providing enabling communications within and between bottom-up, top-down, and middleware systems. For each aforementioned system category, the Officer will demonstrate critical thinking and problem solving skills, from the system of systems perspective, to ensure accountability for implementing tactics, techniques, and procedures (TTPs) in Defensive and offensive missions. Additionally, Officers will gain competency in identifying adaptive cyber vulnerabilities and effects to respective systems. for defensive and offensive missions, involving the following types of cyber vulnerabilities and Effects. The Officer will learn how to perform such problem solving skills in GIG operations that augment manpower with intelligence automation analytics for the automated processing of large varieties of high volume data and automated production of high value alerts and actions at large velocities for command and control. Lastly, the Officer will apply such problem solving skills to GIG operational scenarios in a denied or compromised environment.
8. Space. The Officer will have a thorough understanding of the nature of Space Warfare as it is applied within the realm of Cyber operations; distinguish between the four JP 3-14 defined Mission Areas (Space Control, Space Support, Force Enhancement, Force Application) and interpret how current and planned space capabilities contribute to the satisfaction of these mission areas.

CY Courses

Place-holder. Do not remove.

<CY0810 - CY4900 Courses>

CY0810 Thesis Research (0-8)

Every student conducting thesis research will enroll in this course.

CY3000 Introduction to Cyber Systems and Operations (3-0) As Required

This course provides an overview of the national and military application of integrated lines of operations including operation of the Global Information Grid (GIG), defensive cyber operations, offensive cyber operations and the required technical and non-technical intelligence underpinning these. Through a series of guest lectures, students will be exposed to all aspects of cyber systems and operations ranging from the best in industry to actual plans and operations at the national and Combatant Command and component levels. This course is classified SECRET. Prerequisites: None.

CY3100 Introduction to Communications Networks (4-1) As Required

The purpose of this course is to develop literacy and familiarity with the technologies, techniques, and systems that provide the physical communications and point-to-point communications control upon which all communications networks are based. Physical layer topics include concepts in signals, information, analog and digital signals, signal corruption, signal reception, binary and non-binary data communications, communications channels, and radio communications concepts, IEEE standards 802.11 and 802.16, network interface controllers, switches, repeaters, multiplexers, antennas, A/D & D/A converters, and vocoders. Datalink layer concepts include connection vs. connectionless oriented, packet vs. circuit mode, error control, flow control, synchronization, framing, logical link control, media access control, Ethernet, Point-to-Point Protocol (PPP), and High-level Data Link Control (HDLC). Emphasis is on military communications systems to include Link 16, DSCS, Milstar, and WNW. Prerequisites: None.

CY3110 Internet Protocols (3-1) As Required

This course covers basic device (computers, smart-phones and PDAs) communications and networking through the study of the fundamental principles and technologies employed to implement the upper three layers of the TCP/IP protocol stack. The lower two-physical (1) and link (2)-layers are addressed only insofar as to provide a complete bit-level to message-level overview regarding each layer's role in supporting end-to-end communications. For the three upper layers, the course delves into analysis of the dominant protocols employed (e.g., IP, DNS, ICMP, HTTP, DHCP, TCP, UDP, RIP, OSPF, BGP, MobileIP, VoIP, and MPLS). In addition to understanding the basic operation, each protocol is also considered in the context of basic security challenges (confidentiality, integrity, availability) encountered in a distributed, internetworked environment. Prerequisites: None.

CY3300 Cyber Communications Architectures (Same as EO3730) (4-0) As Required

The purpose of this course is to develop literacy and familiarity with Navy, DoD, and allied enterprise information systems and emerging technology trends. It presents basic concepts in conventional and military telephony and telecommunication networks; examines DoN implementations from intra-ship, ship-to-ship and long haul and discusses architectures and components of the GIG including both classified and unclassified networks. It discusses interoperability of diverse network architectures and the impact of mobile platforms on operations. Prerequisites: CY3100, CY3110, CS3030. Classification: SECRET.

CY3602 Network Operations II (3-2) As Required

This course is a sequel to Network Operations I, with a focus on how to deal with network attacks and compromises. The goal is a resilient network that can meet operational and mission needs even in the face of attacks. Students will learn how to detect and respond to attacks and compromises while keeping the network operational to the extent possible. Topics covered include self-assessment through vulnerability and penetration testing, using firewalls and intrusion detection and prevention systems to monitor network traffic and system activity; and an introduction to established processes for cyber forensics and attribution, incident response, and recovery. Prerequisites: IS3502, CS3600. Corequisites: CY4700.

CY3800 Topics in Signals Operations (3-0) Fall/Spring

Students will be introduced to concepts and systems for managing and ensuring effective employment of the electromagnetic spectrum (EMS). Topics include DoD, other government and Intelligence Community systems for communications; Signals Intelligence (SIGINT), Radio Frequency (RF) exploitation, electronic counter measures, electronic counter-counter measures, Precision Navigation and Timing (PNT), and EMS management. Students will better understand the role of these in building to and ensuring Naval Information Dominance and a US strategic and operational electronic advantage. Prerequisites: CY3100, CY3300. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access.

CY4400 Cyber Mission Planning (3-0) Winter/Summer

This course details the process of mission planning in the cyber warfare domain and its integration of cyber with other warfare domains. All phases of mission planning and execution for cyber missions in both direct and supporting roles are covered. Topics include requirements development/solicitation, managing expectations, targeting considerations, munitions development and selection, preparation of the environment, mission deconfliction in the cyber battlefield, balancing the needs of offensive and defensive stakeholders, and cyber battle damage assessment. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: CY4700. Co-requisite: CY4600.

CY4410 Cyber Policy and Strategy (3-0) As Required

This course explores the emerging strategies, policies and doctrine associated with cyber operations and military operations affected by cyberspace. The student will review the latest guidance provided by the US government at the national, interagency, DOD, and naval levels and relate these materials to the national strategy of the US. Special emphasis is provided for the products of US Cyber Command and Fleet Cyber Command/Tenth Fleet. These materials are compared to the emerging strategies and doctrine of other countries. Prerequisites: CY3000, CY3130. Classification: TS/SCI.

CY4600 Network Operations in a Contested Environment (3-2) Winter/Summer

This is a course in offensive cyber operations and effects achievable by cyber means in a contested environment. It examines the network environment as a domain under contention and related information operations. Existing architectures and infrastructures for conducting offensive operations are studied. This course develops the literacy and competencies necessary to understand potential problems and realistic solutions for critical non-kinetic, cyber-related warfare issues for the United States. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: CY3602. Co-requisite: CY4400.

CY4650 Information Management for Cyber Operations (4-0) As Required

This course covers the acquisition and management of information for timely and effective decision-making. Topics include the collection, storing and processing of large amounts of data; autonomous processing including mining, matching, filtering and translating data; issues relating to scalability, performance and real-time requirements; and identification of appropriate data sources and tools. Prerequisites: CY3130, CY4400, CY4600.

CY4700 Cyber Wargame: Blue Force Operations (2-5)

This course explores the development of cyber-oriented war games and exercises from the perspective of maintaining a high state of readiness in the face of hostile action. Topics include fundamentals of game theory, scenario selection, scenario development, and execution. Following scenario definition, students will develop a strategy for defending and operating their networks while responding to hostile activities. Emphasis is placed on risk assessment, employment of forces and assets, early detection of threats and maintaining services in an increasingly degraded environment. This course is designed to be offered simultaneously with Cyber Wargame Red Force Operations and culminates in a week-long cyber exercise in which the students participate in the blue force role. Prerequisites: CS3600, DA3104.

CY4710 Cyber Wargame: Red Force Operations (2-5)

This course explores the development of cyber-oriented war games and exercises from the perspective of maintaining a high state of readiness in the face of hostile action. Topics include fundamentals of game theory, scenario selection, scenario development, and execution. Following scenario definition, students will develop a strategy for defending and operating their networks while responding to hostile activities. Emphasis is placed on risk assessment, employment of forces and assets, early detection of threats and maintaining services in an increasingly degraded environment. This course is designed to be offered simultaneously with Cyber Wargame Blue Force Operations and culminates in a week-long cyber exercise in which the students participate in the red force role. Prerequisites: CY4600 and CY4700; or any one of: CS3695, CS4678, CS4558, EC4755, EC4765, EC4785; or consent of the instructor.

CY4750 Advanced Cyber Systems and Operations (3-1) As Required

This course serves as a capstone experience in which the students are immersed in a current operational or policy challenges related provided by the Information Dominance Corps community stakeholders. The assigned task will involve proposed cyber operations in support of an existing or anticipated operational plan. Student teams will develop courses of action (COA) that address legal, ethical, political, technical, tactical, operational and strategic implications. The recommended COA will be presented to the stakeholders. Prerequisites: CY4100, CY4400, CY4600. Classification: TS with eligibility for SCI.

CY4900 Cyber Systems and Operations Seminar (1-0) As Required

This seminar is designed to help students determine, shape and explore the foundational research for their theses and to introduce them to advances in cyber technologies and research. Students are expected to register for this seminar each quarter.