22nd ICCRTS “Frontiers of C2”
Protecting Information Sharing Systems with Commercial Solutions for Classified Encryption Paper 25 Topic 1: Operational Issues: Coalition Command and Control Topic 6: Interoperability/Integration and Security Topic 2: C2 Concepts, Theory, Policy and Approaches
Mr. Mark E. Miller (Key Management Solutions) Mr. Ken D. Teske (Key Management Solutions) Mr. Michael D. Tisdel (Key Management Solutions) Mr. Patrick Guerin (Key Management Solutions)
Point of Contact Mark E. Miller Key Management Solutions 223 N Wahsatch Ave, STE 206 Colorado Springs, Colorado 80903-2253 (703) 801-2801
[email protected]
1
Abstract With the increase in research and development of Quantum computers to break current encryption devices, there’s a critical need to ensure information sharing systems are protected. The Department of Defense (DoD) and all Mission Partners should develop Commercial Solutions for Classified (CSfC) capabilities and options as an alternative to using traditional Type-1 encryption for some users and scenarios. CSfC provides the user the ability to secure their information systems and networks in the Cyber arena to enhance mitigation of future quantum computing threats. Applying and evolving a framework approach discussed in the 19th ICCRTS, will show the importance of comprehending each mission partner’s CSfC efforts, whether from Special Operations and Conventional Forces, or a Ministry, Bureau, or Agency to protect against Cyber threats. To accomplish this, we look at four principles: Common vision, goals and objectives for the mission; Common understanding of the situation; Coordination of efforts to ensure coherency; and Common measures of progress to change course or direction as needed. We must analyze DoD’s and Mission Partner’s Cyber approaches, best practices, and lessons learned to identify common goals, areas of interest, capabilities, and common categories of effort to address common focus areas for CSfC.
2
Introduction This paper describes and introduces new enhancements and capabilities that build on the Methodology to Improving Unity of Effort for Mission Partner Planning discussed in the 19th ICCRTS paper (003) [Ref. A]. We have modified and refined the original Unity of Effort framework into what we call the Alignment, Synchronization, and Integration Framework (ASIF) methodology. These modifications allow the user to better facilitate and manage multiple disparate agencies, organizations, and entities, with different and varying missions, goals, objectives, processes and procedures, to better align and synchronize the stakeholders involved, to develop common views and understandings to enhance coordination and integration of solutions identified to mitigate the gaps, seams, or problem areas plaguing the concerned stakeholders. This continued evolution from the Unity of Effort framework to the ASIF methodology could also be applied to better understand Commercial Solutions for Classified (CSfC) encryption to secure networks used to share information between DoD, other U.S. Government agencies, foreign governments and militaries, and all mission partners. Initially we intended for this paper to cover how the US and our mission Partners were using or could use CSfC to secure their information sharing networks to facilitate the sharing of information and enhancing situational awareness and partner capacity. However, our initial research and analysis has identified a possible capability gap in that there are no (or appears to be no) national or international standards pertaining to CSfC. These capabilities are essential to ensure that DoD is confident in their ability to safely and securely share information in order to develop and maintain shared awareness and understanding with all mission partner nations. There may be a lot of commercial companies and countries talking about CSfC and wanting to do CSfC, but there doesn’t appear to be any movement on developing individual country standards (except for the US) or international standards for CSfC, at least at the open source, public releasable level. There may be countries that have CSfC solutions at the classified level, but due to access and clearance issues, we will only be concentrating on non-classified, public accessible information. So, for now, we will concentrate on what the US, specifically DoD, is doing and show how the ASIF methodology could assist the US and mission partners in mitigating the lack of international CSfC standards and enhance secure information sharing. To accomplish a global CSfC integration, DoD and mission partners must act together with each other as well as with other organizations to ensure a shared understanding of the capabilities, limitations, and consequences of a globally employed force.
3
In an ideal world, government organizations worldwide concerned with security issues would operate from an overarching collective strategic plan at the global, regional and country-level to ensure alignment of various efforts. In fact, organizations face momentous obstacles ensuring that that their plans and/or programs are based on shared assessments of conditions and are appropriately aligned to develop, produce, and maintain a common viewpoint.
Background In the summer of 2014, this team proposed a solution and repeatable processes to improve Unity of Effort at the 19th ICCRTS in paper (003) “Methodology to Improving Unity of Effort for Mission Partner Planning” [Ref. A]. The Unity of Effort framework was developed as a multipurpose planning aid to facilitate United States Government (USG) stakeholders’ coordination, synchronization, visibility and information sharing for improving unity of effort. The framework helps to identify gaps, seams and redundancies amongst stakeholders, and helps focus similar efforts to achieve national goals and objectives. The Unity of Effort framework is now an established “Best Practice” for the DOD and others. Rapid and secure information sharing is vital to protecting our nation and its interests along with maintaining overall situational awareness and trusted relationships with our allies and mission partners. With the continued research and development of quantum computers and the consistent advances in quantum computing, many experts predict that sufficiently large quantum computers capable of breaking public key cryptography are not that far off in the future. What once was thought to be 20-30 years in the future is now seen as a possibility within the next 10 years or so. The National Security Agency (NSA) is responsible for setting policy and issuing guidance for National Security Systems (NSS) and approving solutions for protecting NSS, which includes systems that handle classified information or are otherwise critical to military or intelligence activities [Ref. B, Ref. C, and Ref. D]. NSA has established new guidelines for the use of CSfC to mitigate the threat of quantum computers rendering our cryptographic algorithms less effective (and sometimes possibly useless) for securing our National Security Systems, thus limiting our ability to effectively share vital information with our allies and mission partners to accomplish the goals and objectives of the issues at hand, whether it’s combat related, humanitarian assistance, or a disaster relief responses. CSfC is the NSA’s business process for layering commercial technologies to protect classified NSS information. It is founded on the principle that properly configured, layered solutions can provide adequate protection of classified data in a variety of different applications. NSA has developed, approved and published four solution-level specifications called Capability Packages (CPs), and works with Technical Communities from across industry, governments, and academia to develop and publish product-level requirements in US Government Protection Profiles (PPs). CPs for Mobile Access, Virtual Private Network, Campus Wireless LAN, and Data at Rest 4
solutions are now published on their website [(Ref. E]. However, if you have a solution that doesn’t comply with one of the four CPs, you can use the CSfC deviation process as a special case to seek NSA approval. NSA has approved use of CSfC for secure communications for both MPE and US BICES architectures, but no one has addressed the keying architecture on either the US or non-US side, so its use has been delayed. However, there are some organizations using CSfC and appear to be pleased with the benefits the CSfC program provides. By implementing CSfC, U.S. SOUTHCOM and AFRL have expanded their capabilities to ease communications with U.S. and coalition partners.
“[CSfC] will minimize the cost and complexity of SIPRNet deployments, streamline operation and maintenance (O&M) costs, and enhance security. CSfC provides the USAF with the best solution to meet classified network access requirements … especially with today’s budgetary constraints.” Air Force Research Laboratory (AFRL) 5
CSfC is an alternative to using Type 1 encryption and has the following benefits: -
Faster deployment Latest technologies and capabilities Agile, scalable solutions Releasable to international partners Industry, academia, and government synergy Logistics and life cycle efficiencies
Organizations can keep using Type-1 and be OK as quantum computers are not a real treat to the symmetric ciphers used by Type-1. A quantum computer’s optimal capability is to reverse factor asymmetric ciphers, such as those most commonly used in PKI key establishment (Diffie Hellman, RSA, etc.) and that is where the concern comes from. CSfC is a great alternative to traditional Type-1 encryption for some users and scenarios, however, there is still a lot of confusion and misunderstanding with regards to using CSfC solutions. Using the ASIF Methodology, we can look at what solutions are currently in place to mitigate the threat of quantum computing, who is, or could be, using these solutions, and how these solutions could be used.
The Concept of the ASIF methodology This conceptual approach to building an Alignment, Synchronization, and Integration Framework is a way to visualize components of existing plans, programs, and activities to improve the distribution and application of scarce resources with maximum positive effect. The structure, definitions, templates, and how-to instructions of the ASIF are repeatable and reusable. However, each application of the Framework will produce unique, products for each stakeholder, mission set, and operating environment. The Framework consists of a how-to guide (the Solution Guide), a set of templates for “Module 2” – the three-dimensional view, “Module 3” – the matrix view, and “Module 4”, what we call the deep dive or detailed stage of planning. Below is a graphic view (figure 1) for building the quick reference guide and attributes for each stage of the original Unity of Effort Framework to aid in understanding of the process [Ref. F].
6
Figure 1: Quick reference guide and attributes The Framework is a viable repeatable process for improving collaboration and planning. As mentioned earlier, in 2014 stakeholders at the time collectively identified over twenty reasons, rationales, and explanations, which impede unity of effort. We call these reasons, rationales and explanations inhibitors. In the first two modules of the Framework; identifying stakeholders, having them develop (and reach consensus on) common objectives, and explaining their operating environment can remove and/or mitigate a number of the top twelve inhibitors, for example; differing lexicon, no visibility, disparate activities, and confusion over mixed messages. These inhibitors are identified in Table 1 below. Top Twelve Inhibitors to Unity of Effort 1. Stovepipes/silos (lack of information sharing) 7. No established process (ad hoc) 2. No visibility of efforts and activities 8. No global repository of information 3. Partner nations confused over mixed 9. No forcing function to drive unity of messages effort 4. Lack of planning resources 10. Conflicts in planning timelines 5. Differing lexicon/taxonomy/language 11. Uncoordinated efforts 6. Disparate activities 12. Competing priorities Table 1: Inhibitors to Unity of Effort
7
Today, we find that there are no major changes to stakeholder beliefs on these inhibitors. In fact, we have seen some of these same inhibitors in our follow-on framework analysis to include; a Mali framework, USSOCOM IT/IS Portfolio framework, “The Two Sudans framework, a Global SOF Directory and Repository framework, and a Vulnerability Assessment framework. The number of inhibitors encountered in each framework will vary depending the scope and objective of each project. If the above twelve inhibitors degrade unity of effort and by extension, collaboration and planning, then it would be a logical assumption that the mitigation of one (or more) of those inhibitors would thereby improve planning, alignment, and synchronization. To keep stakeholders in the sphere of reality, it must be pointed out that there are certain “inhibitors” that by their very nature seem impervious to any type of attempt to address the inhibitor. However, this does not preclude attempts to solve these issues. That being said, the NSA, along with other USG agencies and mission partners, could use the ASIF to enhance their CSfC program to provide solutions to mitigate the threat of quantum computers and ensure the security of their information sharing networks. Absent a framework, NSA and others could waste time, effort and financial resources attempting to solve individual encryption problems without an understanding of the key factors that drive interoperability and compatibility among different classified information sharing networks. Use of the ASIF could identify and visualize the following areas relevant to CSfC: 1) What data needs protected – what are the different types/levels of data that need to be protected…i.e., US GOV'T Confidential, US GOV’T Secret, NATO Restricted, NATO Secret, Foreign GOV'T Classified, Foreign Military Classified, Company Proprietary, etc. 2) Who needs data protected - US GOV'T (SECSTATE, SECDEF, DOC, DOE, DOJ, etc), US Military, US Commercial (Financial, Medical, Corporations, Vendors, etc), NATO, Mission Partners, Foreign GOV'Ts and commercial entities, Foreign Alliances, etc. 3) How can/is data protected – Commercial National Security Algorithm (CNSA), Suite B Algorithms, Type 1 Encryption, Pre-Shared Key, Layered Solutions, and/or Tailored Solutions. To address these challenges our team started with the baseline Unity of Effort Framework construct and “Dashboard” [Ref. A] seen in Figure 2 below, and modified it into the Alignment, Synchronization, and Integration Framework seen in Figure 3.
8
Figure 2: Unity of Effort “Dashboard”
COMMERCIAL SOLUTION for CLASSIFIED (CSfC) ASSESSMENT FRAMEWORK COMMON VIEW Analysis Module 1 Start with Higher Level Guidance Identify Stakeholders
COMMON UNDERSTANDING
Analysis
Higher-Level Guidance
Authorities Directives
Stakeholders
Others
Others
What data needs protected
Who needs data protected
CSfC ASSESSMENT FRAMEWORK
Network CCIRs / Priorities
How can/is data protected
Contact List
Terms / Definitions
Three Dimensional View
Analysis Module 2 What data needs protected Who needs data protected How can/is data protected
EFFORT ALIGNMENT & ASSESSMENT Module 3
Standard Operating Procedures & Tailored Response Options
Analysis Identify Lead and Support for What data needs protected Identify Who needs data protected Identify How can data be protected
Figure 3: Alignment, Synchronization, and Integration Framework “Dashboard” 9
In this application of the ASIF, you would uniquely adapted products for the stakeholder, mission set, and operating environment. The framework how-to guide would be restructured as well as some of the templates for the “Module 2” and “Module 3” views. For some missions or problem sets, the Framework may end at “Module 3”. If needed, “Module 4” in the Framework would be useful only if additional work (a “Deep Dive”) is desired or needed to identify capability/capacity gaps, coordinate activities, and/or develop specific recommendations to address inhibitors or impediments to unity of effort. “Module 1” starts off by identifying higher-level guidance and stakeholders to build a common view. The necessity for executing the Framework arises through normal planning or is initiated by higher-level guidance. It may be a routine review of national-level guidance documents that require an update, a new national-level strategy that needs to be addressed and consequently coordinated across the USG, or it may be an assessment of world events that requires interagency efforts. Stakeholders and mission partners are organizations, persons, or groups that have an investment, share, interest, or play an important part in the design and outcome of a stated issue, mission, or problem set. In “Module 2”, we start building a common understanding. Building a common understanding is achieved through collective identification and consensus of common objectives, a common operating environment, and common categories of effort by stakeholders and mission partners. They meet or provide information concerning their perspectives and interpretation of the mission area goals and objectives that will be analyzed and consolidated by the coordination/facilitation group into the Framework. Throughout “Module 2”, each stakeholder provides input for consideration. Once analyzed and agreed upon, the common objectives, a common operating environment, and common categories of effort are inserted into a three-dimensional view (see figure 4). Further, a common lexicon is established to ensure clear communication amongst stakeholders and mission partners.
10
Figure 4: Three-Dimensional View of the Framework Looking at the CSfC program, we could use the types of data we need to protect as our common objective, the organizations that need data protected as our operating environment, and the CSfC solutions that are available as our categories of effort. This data would look something like figures 5, 6, and 7 respectively.
US GOV'T Unclassified (CUI) US GOV'T Unclassified (FOUO) US GOV'T Classified (Confidential) US GOV'T Classified (Secret) US GOV'T Classified (Top Secret) NATO Unclassified NATO Restricted NATO Secret Foreign GOV'T Unclassified Foreign GOV'T Classified Foreign Military Unclassified Foreign Military Classified Company Proprietary Commercial Classified Client Confidential HIPAA (Electronic Protected Health Information (EPHI))
Figure 5: What data needs protected 11
US GOV'T (SECSTATE, SECDEF, DOC, DOE, DOJ, etc) US Military US Commercial (Financial, Medical, Corporations, Vendors, etc) NATO GOV'Ts NATO Military NATO Comercial Mission Partners Foreign GOV'Ts Foreign Military Foreign Commercial Foreign Alliances Coalition Cooperatives
Figure 6: Who needs data protected Protection Method CNSA (RSA 3072-bit or larger) up to TOP SECRET CNSA (Diffie-Hellman (DH) 3072-bit or larger) up to TOP SECRET CNSA (ECDH with NIST P-384) up to TOP SECRET CNSA (ECDSA with NIST P-384) CNSA (SHA-384) up to TOP SECRET CNSA (AES-256) up to TOP SECRET Suite B (AES-128) up thru SECRET Suite B (AES-256) up thru TOP SECRET Suite B ( ECDSA with 256 256-bit prime modulus) up thru SECRET Suite B (ECDSA with 384 384-bit prime modulus) up thru TOP SECRET Suite B (EC Diffie Diffie-Hellman or EC MQV with 256 256-bit prime modulus) up thru SECRET Suite B (EC Diffie Diffie-Hellman or EC MQV with 384 384-bit prime modulus) up thru TOP SECRET Suite B (SHA SHA-384) up thru TOP SECRET Type 1 Encryption Pre-Shared Key Layered Solutions Tailored Solutions
Abbreviation CNSA RSA 3072 CNSA DH 3072 CNSA ECDH P384 CNSA ECDSA P384 CNSA SHA-384 CNSA AES-256 Suite B AES-128 Suite B AES-256 Suite B ECDSA 256 Suite B ECDSA 384 Suite B EC DH or EC MQV with 256 Suite B EC DH or EC MQV with 384 Suite B SHA 384
Figure 7: CSfC Solutions 12
Type 1 PSK LS TS
CNSA RSA 3072 / CNSA ECDH P384 / PSK
US GOV'T Unclassified (CUI)
Type 1 / PSK
CNSA RSA 3072 / CNSA ECDSA P384
Type 1 / PSK
CNSA ECDH P384 / Suite B AES-256
Type 1 / PSK
CNSA ECDH P384 / Suite B AES-257
Type 1 / PSK
CNSA ECDH P384 / Suite B AES-258
Type 1 / PSK
US GOV'T Classified (Confidential) Type 1 / PSK
US GOV'T Classified (Secret) Type 1 / PSK
US GOV'T Classified (Top Secret)
NATO Unclassified
NATO Restricted
NATO Secret
Foreign GOV'T Unclassified
Foreign GOV'T Classified
Foreign Military Unclassified
Foreign Military Classified
Company Proprietary
Commercial Classified
Client Confidential HIPAA (Electronic Protected Health Information (EPHI))
Return
Figure 8: CSfC Example Matrix
13
ial
Pa rtn ers Mi ssi on
TO Co me rc NA
TO Mi lita ry NA
C (Fi om m n Co anci erci rpo al, al rat Me ion dic s, V al, etc end ors ) , NA TO GO V 'T s
Mi lita ry
Suite B ECDSA CNSA ECDH P384 / 256 CNSA AES-256
Suite B EC DH or EC MQV with 384 / PSK
US GOV'T Unclassified (FOUO)
US
US
COMMERCIAL SOLUTION for CLASSIFIED (CSfC) ASSESSMENT FRAMEWORK
US G SE OV' CD T ( EF, SEC DO STA C, D TE, etc OE, D ) OJ ,
During “Module 3”, we start aligning efforts and assessing building a common understanding. The completed three-dimensional view built during “Module 2” is flattened into a matrix (spreadsheet format) incorporating all of the elements of earlier modules. The use of widely available software like Microsoft Excel or Access is encouraged, which allows ease of use amongst stakeholders and mission partners. The matrix consists of common objectives (on the left side), common operating environment (across the top), and common categories of effort (entered into the body of the matrix) at the intersections of common objectives and the common operating environment (see figure 8). The matrix allows stakeholders and mission partners to select multiple common categories of effort as needed for “Module 3”. The coordination/facilitation group will create the initial matrix, a spreadsheet template, and distribute it to stakeholders and mission partners so they may fill in the spreadsheet as part of the “Module 3” process.
As you can see in Figure 8 above, there are currently only CSfC solutions for the US. There may be other countries and Mission Partners that have CSfC programs, but our initial research at the unclassified, open source public releasable level has not identified any yet. Although we are still conducting initial research and analysis, we could engage DoD and Mission Partners through feedback and discussion to measure the level of improvement the ASIF could provide in developing a Common View, Common Understanding and increased Alignment of Efforts for CSfC. The results would be based on three factors: stakeholder agreement, increased visibility, and capability awareness significance with the results should in Table 2 below. Unity of Effort Attribute
Common View
Common Understanding
Initial Baseline
Assumed Final Result
Does ASIF application mitigate the occurrences of mixed or confusing messages about mission partner capabilities?
Inconclusive
Conclusively
Does ASIF application mitigate the need for CSfC?
Inconclusive
Probably Not
Does ASIF application provide for common lexicon and terminology?
Possibly
Conclusively
Does ASIF application identify areas to focus resources?
Possibly
Conclusively
Does ASIF application improve the ability to align efforts with mission partners?
Inconclusive
Conclusively
Possibly
Conclusively
Inconclusive
Conclusively
Evaluation Metric
Alignment of Efforts
Common Measures of Progress
Usability
Does ASIF application provide the means to determine common measures of progress and provide for greater understanding of capability sets? Does ASIF application and new visualization provide useful capability to mission partners?
Table 2: Assessment Matrix Because we are still in are initial phase of research and analysis of CSfC, the Final Results column of the Assessment Matrix above is an assumption of what the final results would be, pending further research and engagement with stakeholders, due to our experience using the Unity of Effort Framework and now ASIF on six other studies.
Conclusion Unity of effort is based on four principles: 1. Common vision, goals and objectives for the mission 14
2. Common understanding of the situation 3. Alignment of efforts to ensure continued coherency 4. Common measures of progress and ability to change course as needed The Alignment, Synchronization, and Integration Framework, when used, improves collaborative planning and alignment to address security challenges and many other issues by improving unity of effort without requiring a change to any ongoing internal organizational planning or programming processes, by providing a means for interagency organizations to reach a common view and a common understanding, and sets the stage for greater information sharing on capabilities, capacities, and activities. “Such a comprehensive alignment management concept uniquely recognizes that any organization, department, or even program, even if it has its own mission, vision, strategies, and critical success factors, is only one element of a larger delivery and service mechanism. In nearly all cases the success of strategy to execution depends on the ability to operate in alignment and therefore unity with the rest of the organizations with a common stake in the issues” [Ref. G]. Our initial research and analysis has identified the following as future work needing more research an analysis to provide a better understanding of CSfC: 1. NSA and NIST could use the framework to standardize quantum resistant algorithms and protocol usage to better ensure compatibility and interoperability between DoD and Mission Partners. 2. Continue to conduct research and analysis to develop an international standard for CSfC. 3. The initial framework will assist and guide international partners in identifying compatible CSfC solutions. 4. Additional research is needed to find non-technically suitable solutions for use with US partners. 5. Everyone will eventually have to transition to quantum resistant algorithms and/or PreShared Keys.
15
Appendix A: References A. 19th ICCRTS A Methodology to Improving Unity of Effort for Mission Partner Planning paper 003 - 17 June 2014 B. National Security Directive 42, National Policy for the Security of National Security Telecommunications and Information Systems C. Federal Information Security Management Act of 2002 D. DoD Instruction 8523.01 E. NSA website: https://www.nsa.gov/resources/everyone/csfc/ F. Unity of Effort Framework Solution Guide, Joint Staff, Aug 2013 G. The Complete Business Process Handbook, 2015 LEADing Practice ApS
16
Appendix B: Glossary
Activities: For the Framework activities refers to how capabilities are accomplished in a Key Intersection. [Ref: A, F] Authority: USG agencies and organizations draw their authority from the U.S. Code, Presidential directives and executive orders, decisions of the Federal courts and treaties. (gpo.gov) Power to influence thought, opinion or behavior – implies the power of winning devotion or allegiance or of compelling acceptance and belief – the right or power to command, rule or judge. [[Ref: A, F] Capability: For the Framework capability refers to the “what and why” that is taking place in a Key Intersection. [Ref: A, F] Categories of Effort: For the Framework Categories of Effort can be elements of national power or lines of effort. The type of exertion expended for a specified purpose. See Elements of National Power. [Ref: A, F] Common Objective: An objective agreed upon by all stakeholders. [Ref: A, F] Coordinate Objective: A statement of the condition or state one expects to achieve. (USAID Glossary of Evaluation Terms and DOD). The clearly defined, decisive and attainable goal toward which every operation is directed. Objectives are developed within the context of existing U.S. national security and foreign policies, and are derived from higher-level guidance. [Ref: A, F] Contributing: For the Framework, refers to a Stakeholder or mission partner that is executing, supporting, sharing or involved at some level in an intersection in support of the lead organization. [Ref: A, F] Deep Dive: Stakeholders and mission partners will collectively conduct an examination with a primary focus on capabilities (“what and why”), capacity (“where, when and how often”), and activities (“how capabilities are being accomplished”) at a specific Key Intersection of common objective and operating environment. [Ref: A, F] Framework: For the Unity of Effort Framework project, a Framework is a mechanism that allows government agencies to visualize and preempt or resolve potential conflicts in their actions, activities and resources in order to support a specific national strategy or policy (e.g., Strategy to Combat Transnational Organized Crime, a Humanitarian Assistance/ Disaster Relief Operation, or other operations). [Ref: A, F]
17
Matrix: For the Framework, the matrix is a spreadsheet view of the three elements: Common Objectives, Operating Environments, and Categories of Effort. It is the starting point where Stakeholders and Mission Partners begin collaboration and coordination of efforts. [Ref: A, F] Matrix or Spreadsheet Cell: For the Framework, a column and row intersection within a Framework matrix to be populated by stakeholder organizations. This represents the intersection of a common objective and a specific operating area for a given mission. [Ref: A, F] Operating Environment: A combination of conditions, surroundings, circumstances, and landscape: The Operating Environment can be looked at in many ways, some examples are; geographic regions, sectors, domains, critical terrain, countries, states, key border crossings between nations, mountainous areas, and land routes which are forms of identifying locations or areas where activities take place and bear on the decisions of leaders. Others may be more specific with identifying the operating environment for example; sub-regions, portfolios, seaports, bridges, roadways, waterways, airfields, air corridors. [Ref: A, F] Planning: The process to identify appropriate results, develop approaches to reach them, assign needed resources, organize to achieve results, and identify the means to measure progress (3D Planning Guide, DOD). An orderly, analytical process that consists of a logical set of steps to analyze a mission, select the best course of action, and produce an operation plan or order. [Ref: Derived from Joint Publication 3-0, 5-0] Resources: The personnel, materiel, and other assets or capabilities apportioned or allocated to the commander of a unified or specified command. [Ref: Derived from Joint Publication 1-02] Stakeholder: A person or group that has an investment, share, or interest in something, as an organization, business or industry. Organizations that play an important part in the design and outcome of a stated issue. [Ref: A, F] Unity of Effort: Coordination and cooperation toward common objectives, even if the participants are not necessarily part of the same command or organization. The product of successful unified action. [Ref: Joint Publication -1] A cooperative concept, which refers to coordination and communication among USG organizations toward the same common goals for success; in order to achieve unity of effort. It is not necessary for all organizations to be controlled under the same command structure, but it is necessary for each agency’s efforts to be in harmony with the short- and long-term goals of the mission. Unity of effort is based on four principles [Ref: US Department of State]: • Common understanding of the situation • Common vision or goals for the R&S mission • Coordination of efforts to ensure continued coherency 18
•
Common measures of progress and ability to change course if necessary
Unity of Effort Framework: A multipurpose planning aid designed to improve unity of effort by setting the stage for Stakeholder’s coordination, synchronization, visibility and information sharing. [Ref: A, F, G]
19