Next-Generation Defensive Cyber Operations (DCO) Platform
Abstract:
The frequency and complexity of recent cyber intrusions have made the job of defending networks a daunting task. Signs of suspicious or malicious activity may appear in any of many data sources within the network. Local network defenders are held accountable for preventing cyber intrusions but generally are not provided with adequate tools to aid in prevention and detection. With the variety of local network-defense data sources (for example, log files, network traffic, endpoint artifacts) that must be analyzed for suspicious activity, a network defender’s responsibility has evolved from finding a needle in a haystack to finding parts of a needle from among multiple haystacks. The National Security Agency’s (NSA) next-generation Defensive Cyber Operations (DCO) sensor platform, known as CHUCK (Comprehensive Hunt & Ultimate Cyber Kit), is an initiative to provide a platform for local network defenders to collect large volumes of network-defense data from multiple sources within an environment, thereby enabling detection and discovery of new threats in a secure and timely manner.
AUTHORS
Operations Directorate, National Security Agency, Fort George G. Meade, MD, U.S.A.
Scott Brown currently serves as the Deputy Technical Director (DTD) of the Directorate of Operations (DO) at the National Security Agency. As DTD, he is responsible for providing technical guidance to DO leadership regarding emerging trends and threats that affect NSA’s foreign intelligence, cyber, and information assurance missions. He previously held several leadership positions in the Information Assurance Directorate focused on defensive cyber services and capabilities. He earned a bachelor’s degree in Mechanical Engineering from the University of Maryland and a master’s degree in Computer Science from Johns Hopkins University. His areas of expertise include cybersecurity prevention, detection, response, and mitigation.
Operations Directorate, National Security Agency, Fort George G. Meade, MD, U.S.A.
Sean Carlin currently serves in the National Security Agency’s Cyber Security Operations, On-Net Pursuit organization. As a Strategist, he solves On-Net challenges posed by an adversary and emerging tradecraft and methodology that affect NSA’s cyber and information assurance missions. He previously served in several technical and leadership roles for the Information Assurance Directorate’s Mission Technology Development Group focused on Defensive Cyber Operations (DCO). As an IT Architect, he designed, developed, and implemented next-generation DCO mission systems with a focus on sensor and transport ecosystems. He also served as Technical Director for the IT Engineering Division and Chief of the Sensors and Networks Branch. He earned a bachelor’s degree in Information Assurance from the University of Maryland, as well as a Certificate in Information Assurance & Cyber Security. He also holds 13 industry certifications in a host of security technologies and platforms.
Operations Directorate, National Security Agency, Fort George G. Meade, MD, U.S.A.
Ivan Torres-Negron is a Senior Cyber Defense Network Analyst for the Department of Defense, with vast experience in many deployed operations, including vulnerability assessments and incident responses. He earned a bachelor’s degree in Computer Engineering from the University of Puerto Rico (Mayaguez Campus). He is currently pursuing a graduate degree in Information Security Engineering from Johns Hopkins University.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.