Air Force Space Command issues CTE sources sought
On November 28, the U.S. Air Force Space Command issued a sources sought notice for a Cyber Threat Emulation (CTE) Training Course (Solicitation Number: FA8773-18-R-8004). Responses are due by 12:00 p.m. Central on December 8.
The 836th Cyberspace Operations Squadron (COS) at JBSA Lackland, TX has a requirement to support Defensive Cyberspace Operations (DCO) mission for the Air Force (AF) and combatant command warfighting operators.
BACKGROUND: The cyber threat emulation (CTE) squad generates the effects necessary to evaluate a mission’s cyberspace security posture with a focus on non-permissive network access through the realistic replication of representative threats to mission owner’s cyber key terrain. CTE capabilities work to primarily enable three direct actions: 1) the education and improvement of cyber defenders understanding of cyber threat tactics, techniques, and procedures (TTPs), 2) replication of representative threats to support risk mitigation efforts, and 3) guide cyber defense operations based on Red Cell perspective.
The primary purpose of integrated CTE operations in the CPT is to cover the gap between what current defenders know of cyberspace defense to what defenders need to know about the art of attack and the ITPs of advanced cyberspace attack maneuver. The CTE squad develops representative threat packages and conducts initial targeting of a specified DOD mission and its cyber terrain from a threat perspective. CTE capabilities conduct threat emulation ranging from probing, exploitation, and data exfiltration through approved and coordinated disruption, degradation, or denial effects in order to evaluate and stress cyberspace operations and mission survivability. While not equivalent to DOD Red Teams, CTEs will be certified and accredited in accordance with DOD Red Team policies due to the effects and impact they can have to DOD cyberspace. Working directly with the other CPT squads on the team, with emphasis on Mission Protection and Discovery & Counter Infiltration (DCI), the CTE squad executes participative threat emulation to evaluate established risk mitigation capabilities. CTE squads recommend risk mitigation strategies to hinder threat. CTE squads also execute unannounced and non- cooperative threat emulation to allow for mission risk mitigation capability and TTP validation. Through the conduct of defensive operations the CTE squad provides Red Cell assessment guidance to the conduct of defensive cyber operations. The CTE squad monitors and coordinates threat effects with all other DOD CTE squads and DOD defensive cyber operations. CTE intelligence operators support the awareness and communication of threat capabilities to allow the CTE to maintain and generate realistic representative threat. CTE intelligence operators support the development and integration of intelligence requirements to sustain the mission owner’s tasks and integrated cyber defenders. CTEs can be enabled to execute OPFOR objectives during exercise events for which their CPT is not a part of those exercises.
SPECIFIC REQUIREMENTS: This contract will provide essential expertise and capabilities to support the 26 NOG and 26 OSS in DCO/DGO/DCA/OCO missions for the AF and combatant command warfighting operators.
Full information is available here.