Cyber Academic Group

Chair

Cynthia E. Irvine, Ph.D.

Professor

Glasgow East Room 211

831-656-2461, DSN 756-2461

irvine@nps.edu

Associate Chair

Dorothy Denning, Ph.D.

Professor

Root Hall Room 225A

831-656-3105, DSN 756-3105

dedennin@nps.edu

David L. Alderson, Associate Professor (2006), Ph.D., Stanford University, 2003.

Raymond J. Buettner, Jr., Associate Professor (1999), Ph.D., Stanford University, 2003.

Karen Burke, Research Associate Professor (2003), M.S., Southern Illinois University, 1979.

Richard S. Cote, Senior Lecturer (2001), M.S., Naval Postgraduate School, 2000.

Rudy Darken, Professor (1996), Ph.D., George Washington University, 1995.

Duane T. Davis, Research Assistant Professor (2012), Ph.D., Naval Postgraduate School, 2006.

Dorothy Denning, Distinguished Professor (2002), Ph.D., Purdue University, 1975.

Chris Eagle, Senior Lecturer (1997), M.S., Naval Postgraduate School, 1995.

John D. (JD) Fulp, Senior Lecturer (2001), M.S., Naval Postgraduate School, 1996.

Shelly P. Gallup, Research Associate Professor (1999), Ph.D., Old Dominion University, 1998.

Mark Heller, LCDR, USN, Information Dominance Center for Excellence, M.S., Naval Postgraduate School, 2010.

Ted Huffmire, Assistant Professor (2007), Ph.D., University of California at Santa Barbara, 2007.

Wade Lee Huntley, Senior Lecturer (2009), Ph.D., University of California at Berkley, 1993.

Cynthia E. Irvine, Professor and Chair (1994), Ph.D., Case Western Reserve University, 1975.

John Krautheim, Visiting Professor (2012), Ph.D., University of Maryland Baltimore County, 2010.

George Lucas, Jr., Professor of Ethics and Public Policy, Ph.D., Northwestern University, 1978.

John McEachen, Professor (1996), Ph.D., Yale University, 1995.

Garrett McGrath, Lecturer (2012), M.S., Naval Postgraduate School, 2012.

Eric McMullen, LCDR, USN, Military Lecturer, M.S., Naval Postgraduate School, 2013.

Thuy Nguyen, Faculty Associate-Research (2002), B.A., University of California at San Diego, 1982.

Andy Singer, RADM, USN (Ret.), Senior Advisor to Deputy Chief of Naval Operations for Information Dominance/Director of Naval Intelligence (N2/N6), (2010), M.S., National War College, 1995.

Pantelimon Stanica, Professor (2006), Ph.D., State University of New York at Buffalo, 1998.

Tim Unrein, CAPT, USN, Director, Information Dominance Center for Excellence, M.S., Naval Postgraduate School, 1997.

Dan Verheul, CAPT, USN, Associate Military Professor (2012), M.A., Florida State University, 1986, M.A., Marine Corps Command and Staff College, 1999.

Brief Overview

Cyberspace is now a primary warfare area. Establishing US Tenth Fleet/Fleet Cyber Command, combined with the Deputy Chief of Naval Operations for Information Dominance (N2N6) forms an enterprise able to address the opportunities and challenges for Cyber Systems and Operations (CSO) within the Navy’s vision for the Information Dominance Corps (IDC). Reflecting a growing cognizance of the importance of cyber operations, other elements of the U.S. military and U.S. Government, such as the Department of Homeland Security, have created similar or complementary organizations. Optimization of the military and U.S. Government value of cyber for future operations will require leaders who both understand how to defend our networks from penetration and employ cyber capabilities to ensure an advantage in future operations. Essential to this objective is a cadre of officers able to address the broad range of cyber operations: computer network attack, defense, and exploitation; cyber analysis, operations, planning and engineering; and cyber intelligence operations and analysis.

The Cyber Academic Group (CAG) is an interdisciplinary association of faculty and academic professorships representing six different academic disciplines. Established by the Naval Postgraduate School (NPS) on 23 September 2011, The Cyber Academic Group has responsibility for the academic content of the Cyber Systems and Operations curriculum. Instruction in this interdisciplinary program is carried out by the members of this academic group and by faculty primarily from the following academic departments: Computer Science, Electrical and Computer Engineering, Defense Analysis, and Information Systems. The group chair approves the thesis topics and final theses for students in the Cyber Systems and Operations curriculum.

Degrees and Certificates

The Cyber Academic Group provides graduate training and education in a broad range of cyber topics needed by leaders, managers, and operators serving DOD and U.S. Government missions. Complementing focused, technically deep programs in the traditional departments, both basic and advanced graduate courses are offered. Course work and research lead to the Master of Science degree. The requirements to complete either program are rigorous and are comparable to those of other major universities.

As a new and rapidly evolving discipline that intersects a variety of traditional studies, these degree programs have been carefully constructed with a large number of unique courses under the cyber purview.

Graduates will be prepared to lead offensive and defensive operations and optimally employ the GIG in support of all Navy missions. Immersed in the active challenges facing the Navy, graduates will return to the fleet equipped with the tools and foresight to recognize and solve current and future cyber-related challenges.

Certificate in Cyber Wargaming (DL & Res) - Curriculum 225/226

Academic Associate

Duane T. Davis, Ph.D.

Code CS/Ce, Glasgow East, Room 212

831-656-2239, DSN 756-2239

dtdavi1@nps.edu

Program Manager

Cynthia Irvine, Ph.D.

Glasgow East, Room 211

831-656-2461, DSN 756-2461

irvine@nps.edu

Brief Overview

The Cyber Wargaming certificate is a graduate-level, non-degree program designed to enable DoD and U.S. Government personnel to effectively plan for and participate in cyber wargames based upon scenarios of interest to the DoD and U.S. Government.

The objective of the program is to prepare students to maintain a high state of readiness for cyber systems in the face of hostile action. Students will learn the fundamentals of cyber wargaming including basic game theory, scenario selection and development, and wargame execution. Students will be able to apply their understanding of risk assessment in cyber space and employment of forces and assets to achieve or support both cyber and overall mission objectives. They will be able to incorporate early detection and maintenance services in environments that may be severely degraded.

The program consists of three courses to be taken over a minimum of a three-quarter period. The total number of NPS graduate credits obtained for the certificate is 13 or 13.5, depending upon the choice of courses. This certificate program may be applicable toward a master's degree program in Curriculum 326.

Requirements for Entry

Entry Dates

At the beginning of the Spring or Fall quarters. (March or September)

Program Length

Three quarters

Required Courses

One of the following electives.

CY3520

(3-3)

Practical Network Operations

CY3602

(3-2)

Network Operations II

CS3690

(4-1)

Network Security

DA3104

(4-1)

Computer Network Attack and Defense

And both of the following.

CY4700

(2-5)

Cyber Wargame: Blue Force Operations

CY4710

(2-5)

Cyber Wargame: Red Force Operations

Cyber Operations Infrastructure (DL & Res) - Curriculum 227/228

Academic Associate

Duane T. Davis, Ph.D.

Code CS/Ce, Glasgow East, Room 212

831-656-2239, DSN 756-2239

dtdavi1@nps.edu

Program Manager

Cynthia Irvine, Ph.D.

Code Cs/Ic, Glasgow East, Room 211

831-656-2461, DSN 756-2461

irvine@nps.edu

Brief Overview

The Cyber Operations Infrastructure certificate is a graduate-level, non-degree program designed to enable DoD and U.S. Government personnel to differentiate the various components of the infrastructure underpinning cyber operations for its effective use in all aspects of cyber operations.

The objective of the program is to prepare students to deploy cyber-specific assets appropriately within the DoD cyber infrastructure. Students will be able to assess how differing elements of the underlying cyber infrastructures impact cyber operations. Students will learn about the communications systems that support cyber operations and will be able to choose communications modes most suitable for a given cyber mission. They will be able to develop information usage strategies across distributed platforms and will be able to adapt their choices based upon the capabilities of these data-centric systems. They will be able to evaluate the benefits and weaknesses of infrastructure-dependent choices and will be able to integrate these choices in cyber mission planning. Students will be able to develop strategies for cyber operations in contested situations based upon their understanding of the infrastructure.

The program consists of four courses to be taken over a minimum of a four-quarter period in the case of distance learning students. Resident students may be able to complete the certificate in three academic quarters. The total number of NPS graduate credits obtained for the certificate is 15, depending upon the choice of courses. This certificate program may be applicable toward a master's degree program in Curriculum 326.

Requirements for Entry

Entry Dates

At the beginning of the Winter or Summer quarters. (January or July)

Program Length

Three quarters (9 months)

Graduate Certificate Requirements

The academic certificate program must be completed within three years of admission to the program. A student must maintain a 3.0 GQPR in the certificate program to be awarded a certificate.

Required Courses

Both courses below are required.

CY3300

(4-0)

Cyber Communications Architectures (SECRET)

CY4400

(3-0)

Cyber Mission Planning (TS/SCI)

And one course from Group 1 and one course from Group 2 are required:

Group 1

CY4600

(3-2)

Network Operations in a Contested Environment (TS/SCI)

EC3760

(3-2)

Information Operations Systems (TS/SCI)

Group 2

CY4650

(4-0)

Information Management for Cyber Operations

CS3670

(3-2)

Information Assurance: Secure Management of Systems

Cyber Systems and Operations (CSO) - Curriculum 326

Program Officer

Eric McMullen, LCDR, USN

831-656-7980, DSN 756-2239

Code CY, Glasgow East, Room 309

elmcmull@nps.edu

Academic Associate

Duane T. Davis

831-656-2239, DSN 756-2239

Code CY, Glasgow East, Room 212

dtdavi1@nps.edu

Brief Overview

The Cyber Systems and Operations (CSO) degree addresses a broad range of cyberspace operations: computer network attack, defense, and exploitation; cyber analysis, operations, planning and engineering; and cyber intelligence operations and analysis. Complementing focused and technically deep programs in the traditional departments, the Master of Science in Cyber Systems and Operations degree addresses the broad range of cyber topics needed by leaders, managers, and operators serving military missions.

Designed for a cadre of students with diverse backgrounds, this degree program is intended to provide a deep understanding of the national and military application of integrated lines of operation including operation of the global information grid (GIG), defensive and offensive cyber operations, and the required technical and nontechnical intelligence operations underpinning these. Students will learn how to seize and sustain an information advantage through all stages of operations, from early warning through detection, planning, targeting, cyber fires, assessing effects and resetting for follow-on plans and operations.

Site visits, laboratory exercises, seminars, guest speakers, and practical workshops complement traditional instruction. A semiannual cyber exercise is integrated into the curriculum. Thesis research or a capstone project will allow students to address topics of interest to stakeholders under the supervision of faculty experts. Tight integration with the front line war fighter and with relevant U.S. Government elements will ensure that thesis research and capstone projects are on target and rapidly integrated.

Requirements for Entry

This curriculum is open to officers of the U.S. Armed Forces and civilian employees of the U.S. Federal Government. A baccalaureate degree, or the equivalent, with grades resulting in an APC of at least 344 is required for direct entry. A TOP SECRET clearance is required with eligibility for SCI access.

Entry Date

Cyber Systems and Operations is a six-quarter resident course of study with entry dates in March and September. The duration will depend upon the number of simultaneous courses taken. If further information is needed, contact the Academic Associate or Program Officer for this curriculum.

Degree

The Master of Science in Cyber Systems and Operations degree is comprised of courses that, in combination, provide a coherent, logical approach to a complex and rapidly evolving military and government domains. In addition to course work, each student must complete a Master's thesis or a capstone project.

The Master of Science in Cyber Systems and Operations is awarded after the satisfactory completion of a program meeting, as a minimum, the following degree requirements:

  1. All courses must be satisfied through the course of study or through validation prior to graduation.
  2. Completion of a minimum of 40 quarter-hours of graduate-level courses, of which at least 16 quarter hours are CY4000-level courses.
  3. To ensure a sufficient breadth in operational understanding of the cyber domain, the following course topics must be satisfied as part of the course of study or through validation prior to graduation: Cyber Policy and Strategy (CY4410), Network Operations in a Contested Environment (CY4600)or Information Operations Systems (EC3760), Cyber Wargame: Blue Force Operations (CY4700), Cyber Wargame: Red Force Operations (4710).
  4. Minimum degree requirements of the NPS must be met.
  5. Completion of an acceptable thesis or capstone project on a subject previously approved by the Chair, Cyber Academic Group.

Program Length

Six Quarters with JPME.

Typical Course of Study

Quarter 1

CY3000

(3-0)

Introduction to Cyber Systems and Operations

CY3100

(4-1)

Introduction to Communications Networks

CY3110

(3-1)

Internet Protocols

CS3030

(4-0)

Fundamentals of Computer Architecture and Operating Systems

MA1010

(4-0)

Algebra and Trigonometry

Quarter 2

CY3520

(3-3)

Practical Network Operations

CS3600

(4-2)

Introduction to Computer Security

CY3300

(4-0)

Cyber Communications Architectures

NW3275

(4-0)

Joint Maritime Operations -

Part 1

CY4900

(1-0)

Research Topics in Cyber Systems and Operations

Quarter 3

CY3690

(4-1)

Network Security

CY3800

(3-0)

Signals Operations

CY4700

(2-5)

Cyber Wargame: Blue Force Operations

NW3276

(4-0)

Joint Maritime Operations -

Part 2

CY4901

(1-0)

Cyber Systems and Operations Research Methods

Quarter 4

CY4600

(3-2)

Network Operations in a Contested Environment (TS/SCI)

CY4400

(3-0)

Cyber Mission Planning

DA3105

(4-1)

Conflict and Cyberspace

CY0810

(0-8)

Thesis

Quarter 5

CY4750

(3-1)

Advanced Cyber Systems & Operations

CY4710

(2-5)

Cyber Wargame: Red Force Operations

NW3230

(4-2)

Strategy and Policy

CY0810

(0-8)

Thesis

Quarter 6

CY4650

(4-0)

Information Management for Cyber Operations

CY4410

(3-0)

Cyber Policy and Strategy

NW3285

(4-0)

National Security Decision Making

CY0810

(0-8)

Thesis

Students not required to complete the JPME course of study while working on a degree at NPS may omit NW3230, NW3285, NW3275, and NW3276.

Curriculum Major Area Sponsor

DCNO for Information Dominance (N2/N6).

Educational Skill Requirements

  1. Cyber Functions and Fundamentals. In order to provide officers skilled in the effective use of cyberspace to support military requirements, graduates of the Cyber Systems and Operations (CSO) program will have competence in the following cyber functional areas:
  2. Military Applications and Cyberspace Operations. The officer will be able to analyze cyber requirements of military operations and direct the effective employment of cyber assets in support of national and military objectives. In particular, the officer will be able to develop, compare, and evaluate courses of action for the incorporation of cyber capabilities in all CONPLAN/OPLAN stages of operation to achieve Assured C2, and maintain Freedom of Maneuver in Cyberspace, and deliver COCOM effects (including both non-kinetic effects and non-kinetic means of facilitating kinetic attack).
  3. Organizational Construct and Policy. The officer will have an in-depth understanding of the administrative and operational structure and command relationships of the organizations and commands that will be operating in the cyberspace domain. Additionally, the officer will be able to recall and apply strategy, policy, and authorities (ROE, U.S. law, the Law of Armed Conflict, and national policy) as it pertains to the use of non-kinetic force.
  4. Cyber System Engineering. The officer will be able to analyze existing and proposed cyber systems for the purpose of assessing cyber requirements, capabilities and limitations, identifying capability gaps, and devising system improvements. Further, the officer will be able to develop concepts of operations for new systems including integration with existing systems and assessment of test and evaluation plans.
  5. Cyber Infrastructure in Support of the Joint Information Environment. The officer will understand friendly and adversarial cyber infrastructures and will be able to diagram and explain subsystem relationships, interactions, and functions. Specifically, the officer will be able to describe and critique existing and planned infrastructures including (1) bottom-up systems for data collection or effects delivery, (2) middleware systems for smart push/pull services in a cloud/service-oriented-architecture, (3) top-down systems for command and control with a common operational picture, and (4) core infrastructure systems providing enabling communications. Additionally, the officer will be able to analyze specific cyber system implementations to identify adaptive cyber vulnerabilities and effects for defensive and offensive operations in both permissive and contested environments. The officer will be able to apply these analytic and problem-solving skills in Joint Information Environment operations to augment manpower with automated intelligence analytics for processing high volume, heterogeneous data sets to automatically produce high value alerts and actions in support of mission objectives.
  6. Space. The officer will understand and be able to explain the nature of Space Operations as it is applied within the realm of cyber operations. He/she will be able distinguish between the four JP 3-14 defined mission areas (Space Control, Space Support, Force Enhancement, Force Application) and interpret how current and planned space capabilities contribute to the satisfaction of these mission areas.
  7. Independent Research. The officer will demonstrate the ability to conduct independent investigation through the completion of a thesis or capstone project. Thesis or capstone work will be conducted in a framework that exercises the practice of innovation, critical thinking, problem solving, and real-world applicability. Further, the officer will be able to present research goals and results in both written and oral form.
  8. Joint Professional Military Education (JPME). Per community requirements, the officer will have an understanding of warfighting within the context of operational art to include: strategy and war, theater security decision making, and joint maritime operations. This requirement is fulfilled by completing the Naval War College four-course series leading to Intermediate Level Professional Military Education and JPME phase I certification.

Cyber Systems and Operations (CSO)- Curriculum 326

Program Manager

Diana Chung

831-656-2726, DSN 765-2726

Glasgow East, Room 210

dkchung@nps.edu

Academic Associate

Duane T. Davis

831-656-2239, DSN 756-2239

Code CY, Glasgow East, Room 212

dtdavi1@nps.edu

Brief Overview

The Cyber Systems and Operations (CSO) degree addresses a broad range of cyberspace operations: computer network attack, defense, and exploitation; cyber analysis, operations, planning and engineering; and cyber intelligence operations and analysis. Complementing focused and technically deep programs in the traditional departments, the Master of Science in Cyber Systems and Operations degree addresses the broad range of cyber topics needed by leaders, managers, and operators serving military missions.

Designed for a cadre of students with diverse backgrounds, this degree program is intended to provide a deep understanding of the national and military application of integrated lines of operation including operation of the global information grid (GIG), defensive and offensive cyber operations, and the required technical and nontechnical intelligence operations underpinning these. Students will learn how to seize and sustain an information advantage through all stages of operations, from early warning through detection, planning, targeting, cyber fires, assessing effects and resetting for follow-on plans and operations.

Laboratory exercises, seminars, guest speakers, and practical workshops complement traditional instruction. Individual laboratory exercises will be conducted on student owned or sponsor-provided computers. Group exercises will utilize the remote access capabilities of the Cyber Battle Lab. DL student participation in seminars, workshops, and guest lectures will be via VTC.

A semiannual cyber exercise is integrated into the curriculum. Thesis research or a capstone project will allow students to address topics of interest to stakeholders under the supervision of faculty experts. Tight integration with the front line war fighter and with relevant U.S. Government elements will ensure that thesis research and capstone projects are on target and rapidly integrated.

This curriculum is a DL version of an existing resident curriculum. Unclassified courses will be offered synchronously using VTC or asynchronously. The asynchronous mode is computer-based where students log onto a website and attend class via a prerecorded lecture which includes a series of power point slides. Asynchronous courses require online discussion boards and chat. All classified courses will be offered synchronously via VTE in a secure facility.

Requirements for Entry

A baccalaureate degree, or the equivalent, with grades resulting in an APC of at least 344.

Entry Date

The CSO DL curriculum consists of 17 courses offered over nine quarters. Specific start dates will be as directed by the sponsoring agency, but it is anticipated that cohorts will convene for fall and spring quarter starts.

Degree Requirements

The Master of Science in Cyber Systems and Operations degree is comprised of courses that, in combination, provide a coherent, logical approach to a complex and rapidly evolving military and government domains. In addition to course work, each student must complete a Master's thesis or a capstone project.

The Master of Science in Cyber Systems and Operations is awarded after the satisfactory completion of a program meeting, as a minimum, the following degree requirements:

  1. All courses must be satisfied through the course of study or through validation prior to graduation.
  2. Completion of a minimum of 40 quarter-hours of graduate-level courses, of which at least 16 quarter hours are CY4000-level courses.
  3. To ensure a sufficient breadth in operational understanding of the cyber domain, the following course topics must be satisfied as part of the course of study or through validation prior to graduation: Cyber Policy and Strategy (CY4410), Network Operations in a Contested Environment (CY4600) or Information Operations Systems (EC3760), Cyber Wargame: Blue Force Operations (CY4700), Cyber Wargame: Red Force Operations (4710).
  4. Minimum degree requirements of the NPS must be met.
  5. Completion of an acceptable thesis or capstone project - on a subject previously approved by the Chair, Cyber Academic Group.

Program Length

27 months

Course Requirements

CY4410

(3-0)

Cyber Policy and Strategy

CY4600

or

(3-2)

Network Operations in a Contested Environment (TS/SCI)

EC3760

(3-2)

Information Operations Systems (TS/SCI)

CY4700

(2-5)

Cyber Wargame: Blue Force Operations

CY4710

(2-5)

Cyber Wargame: Red Force Operations

In addition to the courses for the degree, the curriculum requires the following courses:

CY3000

(3-0)

Introduction to Cyber Systems and Operations (TS/SCI)

CS3030

(4-0)

Fundamentals of Computer Architecture and Operating Systems

CY3100

(4-1)

Introduction to Communications Networks

CY3110

(3-1)

Internet Protocols

DA3105

(4-1)

Conflict and Cyberspace

CY3300

(4-0)

Cyber Communications Architectures (Secret)

CY3520

(3-3)

Practical Network Operations

CS3600

(4-2)

Introduction to Computer Security

CS3690

(4-1)

Network Security

CY4400

(3-0)

Cyber Mission Planning (TS/SCI)

CY4650

(4-0)

Information Management for Cyber Operations

CY4900

(1-0)

Research Topics in Cyber Systems and Operations

CY4901

(1-0)

Cyber Systems and Operations Research Methods

Curriculum Major Area Sponsor

DCNO for Information Dominance (N2/N6).

Educational Skill Requirements

  1. Cyber Functions and Fundamentals. In order to provide officers skilled in the effective use of cyberspace to support military requirements, graduates of the Cyber Systems and Operations (CSO) program will have competence in the following cyber functional areas:
  2. Military Applications and Cyberspace Operations. The officer will be able to analyze cyber requirements of military operations and direct the effective employment of cyber assets in support of national and military objectives. In particular, the officer will be able to develop, compare, and evaluate courses of action for the incorporation of cyber capabilities in all CONPLAN/OPLAN stages of operation to achieve Assured C2, and maintain Freedom of Maneuver in Cyberspace, and deliver COCOM effects (including both non-kinetic effects and non-kinetic means of facilitating kinetic attack).
  3. Organizational Construct and Policy. The officer will have an in-depth understanding of the administrative and operational structure and command relationships of the organizations and commands that will be operating in the cyberspace domain. Additionally, the officer will be able to recall and apply strategy, policy, and authorities (ROE, U.S. law, the Law of Armed Conflict, and national policy) as it pertains to the use of non-kinetic force.
  4. Cyber System Engineering. The officer will be able to analyze existing and proposed cyber systems for the purpose of assessing cyber requirements, capabilities and limitations, identifying capability gaps, and devising system improvements. Further, the officer will be able to develop concepts of operations for new systems including integration with existing systems and assessment of test and evaluation plans.
  5. Cyber Infrastructure in Support of the Joint Information Environment. The officer will understand friendly and adversarial cyber infrastructures and will be able to diagram and explain subsystem relationships, interactions, and functions. Specifically, the officer will be able to describe and critique existing and planned infrastructures including (1) bottom-up systems for data collection or effects delivery, (2) middleware systems for smart push/pull services in a cloud/service-oriented-architecture, (3) top-down systems for command and control with a common operational picture, and (4) core infrastructure systems providing enabling communications. Additionally, the officer will be able to analyze specific cyber system implementations to identify adaptive cyber vulnerabilities and effects for defensive and offensive operations in both permissive and contested environments. The officer will be able to apply these analytic and problem-solving skills in Joint Information Environment operations to augment manpower with automated intelligence analytics for processing high volume, heterogeneous data sets to automatically produce high value alerts and actions in support of mission objectives.
  6. Space. The officer will understand and be able to explain the nature of Space Operations as it is applied within the realm of cyber operations. He/she will be able distinguish between the four JP 3-14 defined mission areas (Space Control, Space Support, Force Enhancement, Force Application) and interpret how current and planned space capabilities contribute to the satisfaction of these mission areas.
  7. Independent Research. The officer will demonstrate the ability to conduct independent investigation through the completion of a thesis or capstone project. Thesis or capstone work will be conducted in a framework that exercises the practice of innovation, critical thinking, problem solving, and real-world applicability. Further, the officer will be able to present research goals and results in both written and oral form.

Applied Cyber Operations (MACO) - Curriculum 336

Program Officer

Eric McMullen, LCDR, USN

831-656-7980, DSN 756-2239

Code CY, Glasgow East, Room 309

elmcmull@nps.edu

Academic Associate

Duane T. Davis

831-656-2239, DSN 756-2239

Code CY, Glasgow East, Room 212

dtdavi1@nps.edu

Brief Overview

The Applied Cyber Operations (ACO) curriculum addresses a range of operational and technical topics in defensive and offensive cyberspace operations. This includes computer network attack, active and passive defense, exploitation, cyber analysis via automated and manual toolsets, operations, policy, and engineering. Complementing the Cyber Systems and Operations curriculum, the Applied Cyber Operations curriculum covers a focused set of cyber topics suited for the technical enlisted workforce by providing graduates with a rigorous foundation in cyber security necessary for defensive and offensive cyber operations, as well as maintenance operations for the Global Information Grid (GIG). The degree covers the range of cyber topics needed by technicians serving military missions.

Designed to serve Navy enlisted personnel with Cryptologic Technician Networks (CTN) and Information Systems Technician (IT) ratings, as well as the respective enlisted personnel in other military services, the Applied Cyber Operations curriculum is intended to provide a deep understanding of the implementation of national and military application of integrated lines of operation, including operation of the DoD Global Information Grid (GIG), Defensive Cyberspace Operations (DCO), and Offensive Cyberspace Operations (OCO), cyber security fundamentals and the required technical operations underpinning these. Students will learn to seize and sustain an information advantage through all stages of operations, from compliance and early warning through detection, planning, targeting, cyber fires, assessing effects and resetting for follow-on plans and operations.

Site visits, laboratory exercises, seminars, guest speakers, and practical workshops complement traditional instruction. A cyber exercise is integrated into the curriculum. A capstone project allows students to apply concepts introduced, demonstrated and practiced earlier in the curriculum by working and reporting on topics of interest to stakeholders under the supervision of faculty experts. Tight integration with front-line war fighters ensures that capstone research is on target and rapidly integrated.

Requirements for Entry

A baccalaureate degree, or the equivalent, with grades resulting in an APC of at least 344 is required for direct entry. Applicants must possess a Bachelor of Science degree in a technical field, such as Computer Science, Electrical Engineering, Information or Engineering Technology, or a Bachelor’s degree accompanied by completion of the following training: A and C Schools for the CTN and IT respectively, namely, Joint Cyber Analysis Course (JCAC) or IT A School and IT System Administrator C School or equivalent enlisted service schools for USA, USAF, and USMC. A TOP SECRET clearance is required with SPECIAL INTELLIGENCE clearance obtainable for all students.

Entry Date

Applied Cyber Operations is a four-quarter resident course of study with entry dates in September. If further information is needed, contact the Academic Associate or Program Officer for this curriculum.

Degree

The Applied Cyber Operations curriculum is comprised of courses that, in combination, provide a coherent, logical approach to learning applied cyber systems and operations in a complex and rapidly evolving military domain. Of these courses, a subset comprises a specialization track. In addition to course work, each student must complete a capstone project.

The Master of Science in Applied Cyber Operations is awarded after satisfactory completion of a program that meets, as a minimum, the following degree requirements:

  1. All required courses must be satisfied through the course of study or through validation prior to graduation.
  2. Completion of a minimum of 40 quarter-hours of graduate-level courses.
    1. At least 12 quarter-hours of courses must be at the 4000 level.
  3. To ensure a sufficient breadth in operational understanding of the cyber domain, the following course topics must be satisfied as part of the course of study or through validation prior to graduation:
    1. Introduction to Cyber Systems and Operations (CY3000),
    2. Cyber Communications Architectures (CY3300),
    3. Introduction to Computer Security (CS3600),
    4. Network Operations in a Contested Environment (CY4600),
    5. Cyber Wargame: Blue Force Operations (CY4700) or Cyber Wargame: Red Force Operations (4710).
  4. Completion of a specialization track.
  5. Submission of an acceptable capstone project on a subject previously approved by the Chair, Cyber Academic Group.

Program Length

Four Quarters. No JPME.

Specialization Tracks

Each student in the Applied Cyber Operations curriculum will choose a specialization track no later than the start of the second quarter of study. The current specializations offered by the Cyber Academic Group are as follows:

Network Operations (NetOps) Specialization

CS3670 Information Assurance: Secure Management of Systems

CS3695 Network Vulnerability Analysis and Risk Mitigation

Defense Specialization

CS4677 Computer Forensics

CS4684 Cyber Security Incident Response and Recovery

Adversarial Techniques Specialization

CS4648 Advanced Cyber Munitions

CS4678 Advanced Cyber Vulnerability Analysis

Typical Course of Study

Quarter 1

CY3000

(3-0)

Introduction to Cyber Systems and Operations

CY3100

(4-1)

Introduction to Communications Networks

CY3110

(3-1)

Internet Protocols

CS3030

(4-0)

Fundamentals of Computer Architecture and Operating Systems

Quarter 2

CY3300

(4-0)

Cyber Communications Architectures

CS3600

(4-2)

Introduction to Computer Security

CS3690

(4-1)

Network Security

CY3520

(3-3)

Practical Network Operations

Quarter 3

CY4XXX

 

Track Requirement or Cyber Elective

CY4700/

10

(2-5)

Cyber Wargame: Blue Force Operations (CY4700) or Red Force Operations (CY4710)

CYXXXX

 

Track Requirement or Cyber Elective

CY0809

 

Capstone Project

Quarter 4

CY4410

(3-0)

Cyber Policy and Strategy

CY4600

(3-2)

Network Operations in a Contested Environment

CYXXXX

 

Track Requirement or Cyber Elective

CY0809

 

Capstone Project

Educational Skill Requirements

Cyber Functions and Fundamentals. In order to provide graduates skilled in the applications of Cyberspace to military needs, the graduate will have competence in the following functional areas:

Cyber Infrastructure, Security, and Compliance. The graduate will be able to combine analytical methods with technical expertise and operational experience for effective utilization of the Global Information Grid (GIG) within the following areas: provide hardware and software support to multi-media Automated Information Systems; advise on capabilities, limitations, and conditions of equipment; implement production control procedures including input/output quality control support; implement and monitor security procedures; understand and advise on assigned mission organization0level compliance and defense of Command, Control, Communications, Computer and Intelligence (C4I) systems. The graduate will understand the technical mechanisms and non-technical procedures associated with the enforcement of policies in cyber systems, and their synergistic relationships. Through an understanding of security threats and vulnerabilities, the graduate will be able to develop and deploy procedures, systems, and tools for defending cyber assets.

Military Applications and Cyberspace Operations. The graduate will have a thorough knowledge of problem identification, formulation, and application of tools necessary to support decision making through all stages of operations in support of national and military objectives in the cyberspace domain to include DGO, DCO, and OCO. Attention will be given to military applications with particular focus on the ways in which cyber active defensive mechanisms and offensive effects can be assimilated at high speed in conjunction with other warfare areas and the ability to deliver COCOM-desired effects.

Organizational Construct and Policy. The graduate will have an in-depth understanding of the administrative and operational structure and command relationships of the organizations and commands that will be operating in the cyberspace domain. Additionally, the graduate will be able to recall and apply strategy, policy, and authorities (ROE, U.S. law, the Law of Armed Conflict, and national policy) as it pertains to the use of non-kinetic force.

Cyber Infrastructure in Support of the Joint Information Environment. The graduate will understand friendly and adversarial cyber infrastructures and will be able to diagram and explain subsystem relationships, interactions, and functions. Specifically, the graduate will be able to describe the characteristics and applications of existing and planned infrastructures including (1) bottom-up systems for data collection or effects delivery, (2) middleware systems for smart push/pull services in a cloud/service-oriented-architecture, (3) top-down systems for command and control with a common operational picture, and (4) core infrastructure systems providing enabling communications. Additionally, the graduate will be able to analyze specific cyber system implementations to identify adaptive cyber vulnerabilities and effects for defensive and offensive operations in both permissive and contested environments. The graduate will be able to apply these analytic and problem-solving skills in Joint Information Environment operations to augment manpower with automated intelligence analytics for processing high volume, heterogeneous data sets to automatically produce high value alerts and actions in support of mission objectives.

Academic Research. The graduate will demonstrate the ability to conduct investigation in the context of the Joint Information Environment through the completion of a capstone project. Capstone work will be conducted in a framework that exercises problem solving, critical thinking, and real-world applicability. Further, the graduate will be able to present research goals and results in both written and oral form.

CY Courses

Place-holder. Do not remove.

<CY0809 - CY3800 Courses>

CY0809 Capstone Project (0-8) As Required

Every student engaged in a curriculum capstone project will enroll in this course.

CY0810 Thesis Research (0-8) As Required

Every student conducting thesis research will enroll in this course.

CY3000 Introduction to Cyber Systems and Operations (3-0) Fall/Spring

This course provides an overview of the national and military application of integrated lines of operations including operation of the Global Information Grid (GIG), defensive cyber operations, offensive cyber operations and the required technical and non-technical intelligence underpinning these. Through a series of guest lectures, students will be exposed to all aspects of cyber systems and operations ranging from the best in industry to actual plans and operations at the national and Combatant Command and component levels. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: None.

CY3100 Introduction to Communications Networks (4-1) Fall/Spring

The purpose of this course is to develop literacy and familiarity with the technologies, techniques, and systems that provide the physical communications and point-to-point communications control upon which all communications networks are based. Physical layer topics include concepts in signals, information, analog and digital signals, signal corruption, signal reception, binary and non-binary data communications, communications channels, and radio communications concepts, IEEE standards 802.11 and 802.16, network interface controllers, switches, repeaters, multiplexers, antennas, A/D & D/A converters, and vocoders. Datalink layer concepts include connection vs. connectionless oriented, packet vs. circuit mode, error control, flow control, synchronization, framing, logical link control, media access control, Ethernet, Point-to-Point Protocol (PPP), and High-level Data Link Control (HDLC). Emphasis is on military communications systems to include Link 16, DSCS, Milstar, and WNW. Prerequisites: None.

CY3110 Internet Protocols (3-1) Fall/Spring

This course covers basic device (computers, smart-phones and PDAs) communications and networking through the study of the fundamental principles and technologies employed to implement the upper three layers of the TCP/IP protocol stack. The lower two-physical (1) and link (2)-layers are addressed only insofar as to provide a complete bit-level to message-level overview regarding each layer's role in supporting end-to-end communications. For the three upper layers, the course delves into analysis of the dominant protocols employed (e.g., IP, DNS, ICMP, HTTP, DHCP, TCP, UDP, RIP, OSPF, BGP, MobileIP, VoIP, and MPLS). In addition to understanding the basic operation, each protocol is also considered in the context of basic security challenges (confidentiality, integrity, availability) encountered in a distributed, internetworked environment. Prerequisites: None.

CY3300 Cyber Communications Architectures (Same as EO3730) (4-0) Winter/Summer

The purpose of this course is to develop literacy and familiarity with Navy, DoD, and allied enterprise information systems and emerging technology trends. It presents basic concepts in conventional and military telephony and telecommunication networks; examines DoN implementations from intra-ship, ship-to-ship and long haul and discusses architectures and components of the GIG including both classified and unclassified networks. It discusses interoperability of diverse network architectures and the impact of mobile platforms on operations. Prerequisites: CY3100, CY3110, CS3030, or consent of the instructor. Classification: SECRET.

CY3520 Practical Network Operations (3-3) Winter/Summer

This course develops fluency in applying computer security principles in the context of deploying and configuring network services and architectures. Emphasis is placed on utilizing an understanding of network protocols and their vulnerabilities to defend and construct a network. Students will gain hands-on experience building a network, analyzing the interaction of network and host based security mechanisms, and maintaining continuous awareness of security relevant events. Prerequisites: CY3110, CS3502, or consent of instructor.

CY3602 Network Operations II (3-2) As Required

This course is a sequel to Network Operations I, with a focus on how to deal with network attacks and compromises. The goal is a resilient network that can meet operational and mission needs even in the face of attacks. Students will learn how to detect and respond to attacks and compromises while keeping the network operational to the extent possible. Topics covered include self-assessment through vulnerability and penetration testing, using firewalls and intrusion detection and prevention systems to monitor network traffic and system activity; and an introduction to established processes for cyber forensics and attribution, incident response, and recovery. Prerequisites: IS3502, CS3600, or consent of the instructor. Corequisite for students in Curriculum 326: CY4700.

CY3800 Topics in Signals Operations (3-0) Fall/Spring

Students will be introduced to concepts and systems for managing and ensuring effective employment of the electromagnetic spectrum (EMS). Topics include DoD, other government and Intelligence Community systems for communications; Signals Intelligence (SIGINT), Radio Frequency (RF) exploitation, electronic counter measures, electronic counter-counter measures, Precision Navigation and Timing (PNT), and EMS management. Students will better understand the role of these in building to and ensuring Naval Information Dominance and a US strategic and operational electronic advantage. Prerequisites: CY3100, CY3300, or consent of the instructor. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access.

<CY4400 - CY4901 Courses>

CY4400 Cyber Mission Planning (3-0) Winter/Summer

This course details the process of mission planning in the cyber warfare domain and its integration of cyber with other warfare domains. All phases of mission planning and execution for cyber missions in both direct and supporting roles are covered. Topics include requirements development/solicitation, managing expectations, targeting considerations, munitions development and selection, preparation of the environment, mission deconfliction in the cyber battlefield, balancing the needs of offensive and defensive stakeholders, and cyber battle damage assessment. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: CY4700. Co-requisite: CY4600, or consent of the instructor.

CY4410 Cyber Policy and Strategy (3-0) Winter/Summer

This course explores the emerging strategies, policies and doctrine associated with cyber operations and military operations affected by cyberspace. The student will review the latest guidance provided by the US government at the national, interagency, DOD, and naval levels and relate these materials to the national strategy of the US. Special emphasis is provided for the products of US Cyber Command and Fleet Cyber Command/Tenth Fleet. These materials are compared to the emerging strategies and doctrine of other countries. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: CY3000, DA3105, or consent of the instructor.

CY4600 Network Operations in a Contested Environment (3-2) Winter/Summer

This is a course in offensive cyber operations and effects achievable by cyber means in a contested environment. It examines the network environment as a domain under contention and related information operations. Existing architectures and infrastructures for conducting offensive operations are studied. This course develops the literacy and competencies necessary to understand potential problems and realistic solutions for critical non-kinetic, cyber-related warfare issues for the United States. Classification: U.S. citizenship and TOP SECRET clearance with eligibility for SCI access. Prerequisites: CY3520. Co-requisite: CY4400, or consent of the instructor.

CY4650 Cyber Data Management and Analytics (4-0) Winter/Summer

This course surveys the use of information technologies and data analytics, with emphasis on case studies relevant to cyber operations and to the DoD. Topics include technologies and trends for Big Data management (e.g., distributed cloud file systems, NoSQL data stores); major themes and technologies in cloud computing (SaaS, PaaS, IaaS), distributed computation frameworks (MapReduce); and case studies focusing on how cloud infrastructure is used to enable services and analytics (e.g., mining, matching filtering and translating data). Prerequisites: CY3520 or consent of the instructor.

CY4700 Cyber Wargame: Blue Force Operations (2-5) Fall/Spring

This course explores the development of cyber-oriented war games and exercises from the perspective of maintaining a high state of readiness in the face of hostile action. Topics include fundamentals of game theory, scenario selection, scenario development, and execution. Following scenario definition, students will develop a strategy for defending and operating their networks while responding to hostile activities. Emphasis is placed on risk assessment, employment of forces and assets, early detection of threats and maintaining services in an increasingly degraded environment. This course is designed to be offered simultaneously with Cyber Wargame Red Force Operations and culminates in a week-long cyber exercise in which the students participate in the blue force role. Prerequisites: CY3520 or CS3600 or CY3602 or CS3690 or DA3104 or consent of the instructor.

CY4710 Cyber Wargame: Red Force Operations (2-5) Fall/Spring

This course explores the development of cyber-oriented war games and exercises from the perspective of maintaining a high state of readiness in the face of hostile action. Topics include fundamentals of game theory, scenario selection, scenario development, and execution. Following scenario definition, students will develop a strategy for defending and operating their networks while responding to hostile activities. Emphasis is placed on risk assessment, employment of forces and assets, early detection of threats and maintaining services in an increasingly degraded environment. This course is designed to be offered simultaneously with Cyber Wargame Blue Force Operations and culminates in a week-long cyber exercise in which the students participate in the red force role. Prerequisites: CY4600 and CY4700; or any one of: CS3695, CS4678, CS4558, EC4755, EC4765, EC4785; or consent of the instructor.

CY4750 Advanced Cyber Systems and Operations (3-1) Fall/Spring

This course serves as a capstone experience in which the students are immersed in a current operational or policy challenges related provided by the Information Dominance Corps community stakeholders. The assigned task will involve proposed cyber operations in support of an existing or anticipated operational plan. Student teams will develop courses of action (COA) that address legal, ethical, political, technical, tactical, operational and strategic implications. The recommended COA will be presented to the stakeholders. Prerequisites: CY4100, CY4400, CY4600. Classification: TS with eligibility for SCI.

CY4900 Research Topics in Cyber Systems and Operations (1-0) Winter/Summer

This course is designed to help students determine, shape and explore the foundational research for their theses and to introduce them to advances in cyber technologies and research. Students are expected to register for this course in the second quarter of their course of study.

CY4901 Cyber Systems and Operations Research Methods (1-0) Fall/Spring

The objective of this course is to introduce students to research design and execution in the context of cyber systems and operations. Topics include a review of quantitative, qualitative, and heterogeneous research methods. Framing a hypothesis, collection of background material and literature review, the use of models and experimentation as part of a scientific process, testing and analysis, and the determination of well-grounded conclusions will be covered. The development of the thesis, writing techniques and thesis management will be covered. Students are expected to register for this course in the third quarter of their studies.