Title: Cyberwarfare Distributed Training Considerations and Requirements for Operators in Network Centric Warfare

Slide 1: Cyberwarfare Distributed Training Considerations and Requirements for Operators in Network Centric Warfare
Slide 2: Introduction / Motivation
- US military undergoing a massive shift in its approach to warfare
  - Small, powerful, directed
  - High speed
  - Push and post of information
- Reliance on the network: Network Centric Warfare
  - Places unprecedented reliance upon information
  - Makes information systems a tempting target
- Given the importance of information operations, readiness is paramount
  - Value of NCW will lead to attacks on its components
- Computer generated forces can be used to enhance readiness
  - Mirror current use
  - Simulate attacks for training
  - Evaluate defenses
Slide 3: Network Centric Warfare (NCW)
- Paradigm for employment of forces that relies upon information superiority to gain decisive battlefield advantage
  - The key to the battlefield will be the computer
- Network and software will, of necessity, further increase in importance as NCW increases in use
  - Global Information Grid (GIG) further enables NCW
- Need for training to use NCW resources and to recognize attacks
  - Also selection of countermeasures
  - This capability is currently lacking
  - Simulation can play a role in its development
Slide 4: Cyber Warfare
- Attacks on systems, networks, software, and digital data
  - Via any portal or the internet
- Events occur at high speed, much faster than human thought processes
- Rapid change in attack vectors
- Current lack of metrics to measure defense effectiveness
- Difficult to develop and maintain situation awareness
- Difficult to predict future activity in the cyberbattlespace
- High degree of vulnerability to intended and unintended effects of cyberspace actions
- Hence, training is difficult and access to real-world facilities is limited due to the potential for unintended harm
Slide 5: Cyber Warfare Defense
- Defend against attack
- Assess attack
- Respond to attack
- Resilient and robust
- Development and evaluation of defensive techniques is expensive in the real world
  - Due to scale
  - Due to lost bandwidth for actual activities
  - Poor science: hard to replicate experiments
- Hence the need for simulation
Slide 6: Cyber Warfare Defensive Response
- Determine if attack is underway
- Characterize attack
- Counteract
- Respond
Slide 7: Cyberwarfare Distributed Simulation
- Evaluate cyber science / cyber defense technologies
  - Evaluate tools
  - Training
  - Develop and test strategies and tactics
  - Layered, integrated defenses
  - Today these are evaluated in isolation; simulation permits evaluation in the complex milieu of the real-world GIG
- Develop and test analytical, decision support, and response tools used by the defense
- Develop command and control tools
  - Situation awareness and automated response
  - Assessment of objectives
Slide 8: Why Cyber Warfare Simulation?
- Defenders currently lack insight into the side effects, vulnerabilities, and effectiveness of their defense systems
  - This needs to change if the defense is to counter the attacks of tomorrow
- Can provide a standardized environment within which to test and measure defensive effectiveness
- Encourages teamwork and facilitates rapid sharing of results
- Can provide insight into defense effectiveness and aid in metrics development
- Insight into tool operation in a variety of circumstances
- Helps to estimate future attacks
- But there is a need for a standard attack system
Slide 9: The Unified Modeling Language (UML)
- UML: Unified Modeling Language
- A standardized graphical language for developing architectural specifications for systems
- Permits unambiguous, modular, incremental specification
- Possesses precise semantics, and supports exploitation of the capabilities of graphics and text to communicate
- Composed of three primitive elements
  - Things, relationships, and diagrams
  - Things: the major abstractions
  - Relationships: tie things together
  - Diagrams: document things and their relationships
- Can document functionality, capabilities, and requirements
- Static and dynamic models
Slide 10: UML (cont.)
- Diagrams: class, object, use case, sequence, collaboration, statechart, activity, component, deployment
- Use case: depicts how the system, users, and classes interact to accomplish a task
  - Shows a set of use cases and the set of entities involved in each use case
- Interaction: either sequence or collaboration
  - Shows the set of objects, relationships, and messages passed between them
  - Sequence diagram emphasizes timing sequence
  - Collaboration diagram emphasizes the transmission and reception of messages
- Views
  - Use case view: depicts how the system behaves from the point of view of a user
  - Design view: the parts of the system, provided using interaction, statechart, and activity diagrams
Slide 11: Advantages and Disadvantages of UML
- Advantages
  - Standardized
  - Large set of constructs
  - Extensible
  - Supports modern software development strategies
  - Visualize components of the system and their relationships
  - Comprehend how the system should operate
- Disadvantages
  - Time consuming
  - No explicit documentation of security
Slide 12: eXtensible Markup Language (XML)
- Used as a meta-language for the knowledge base
- Flexible
- Designed to support customization
- Widely used and standardized
- Precise in its definition of a document and of the ordering of a document's contents
- Supports web-based linkage of external files
- Supports multi-part and distributed documents
- Readable by human and computer
- Stylesheets support human examination of transmissions
Slide 13: Analytical Approach Overview
- Combine the Unified Modeling Language (UML) and the eXtensible Markup Language (XML)
  - Two widely used standards that can be exploited
- UML to provide broad and comprehensive documentation of requirements
  - Better management of development
  - Improve the description of capabilities
  - Aid in validation of behaviors
  - Enable reuse
  - Capability to integrate, exploit, and incorporate advances
- XML to supplement/complement UML with standard annotations
  - Additional insight into requirements as well as aid to testing and validation
Slide 14: Cyberwarfare Training Objectives
- Must determine targets and likely attack techniques
  - Unaddressed to date
  - Suggest modeling using UML
- Must identify vulnerable portions of systems and critical portions of systems
  - Aid in prioritizing threats
  - Again, UML can aid
- In general, the most serious attacks are aimed at interfaces
  - But not all: an important class aims at replacing code, but most of these still claim an interface first
- Needs to be system specific, operator specific, and mission specific
Slide 15: Potential Solution
- Cyber Warfare Opposing Force: CW OPFOR
- Improved computer-generated forces, information assurance, and software protection knowledge are enablers
- Information warfare cyber red team
  - Prepare all command echelons for the cyberbattlespace
  - Suitable for training and testing
  - Flexible, innovative exploits across the entire cyberbattlespace
  - Ease of assembly and modification of the cyber red team
  - Indistinguishable from human-conducted exploits
Slide 16: Introduction to CGAs
- A CGA is an entity in a simulation environment that exhibits intelligence in its movement and choices
- Generally not an aggregate; instead a single actor
- Can increase the complexity and realism of a simulation environment without incurring the expense and inconvenience of using humans to control all (maybe thousands) of the actors in the environment
  - Only the actors of interest for training, acquisition, analysis, etc. are controlled by a human
- Correct behaviors and realistic choices are essential for a CW OPFOR CGA to achieve its purposes
Slide 17: Cyber Threat Identification
- Two components
  - Identification of targets and their priorities
  - Identification of techniques and tactics likely to be employed
- Must be aware of how each type of attack proceeds
  - Techniques and tactics can be identified through the development of threat cases using UML
- Need to document the knowledge needed to execute each attack
- Must be an accurate portrayal of each attack to ensure a positive and not a negative training outcome
- 21 classes of attacks identified to date
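The threat-case knowledge base the Analytical Approach and Cyber Threat Identification slides describe (threat cases documented in UML, annotated in XML, prioritised by target criticality, and checked for completeness before training) can be sketched in code. This is an added example, not the authors' system: the element names, attributes, the three sample cases and the ordering rule are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample knowledge base. The schema (threatCase, target,
# knowledgeRequired, observable) and the cases are assumptions, not the slides'.
THREAT_CASES_XML = """<threatCases>
  <threatCase id="TC-01" attackClass="interface-flood">
    <target component="C2 message gateway" criticality="5" interface="true"/>
    <knowledgeRequired>gateway address; message rate limit</knowledgeRequired>
    <observable>latency rises; dropped-message counter increments</observable>
  </threatCase>
  <threatCase id="TC-02" attackClass="code-replacement">
    <target component="sensor fusion service" criticality="4" interface="false"/>
    <knowledgeRequired>service update channel</knowledgeRequired>
    <observable>service binary hash differs from baseline</observable>
  </threatCase>
  <threatCase id="TC-03" attackClass="credential-replay">
    <target component="situation awareness portal" criticality="5" interface="true"/>
    <knowledgeRequired>a previously issued session token</knowledgeRequired>
    <observable>one account active from two hosts at once</observable>
  </threatCase>
</threatCases>"""

# A case must name its target, the knowledge the attacker needs and what a
# defender can observe; an incomplete case would teach the wrong lesson.
REQUIRED_CHILDREN = ("target", "knowledgeRequired", "observable")

def load_threat_cases(xml_text):
    """Parse the knowledge base, rejecting cases that are not fully documented."""
    cases = []
    for tc in ET.fromstring(xml_text).findall("threatCase"):
        missing = [tag for tag in REQUIRED_CHILDREN if tc.find(tag) is None]
        if missing:
            raise ValueError(f"threat case {tc.get('id')} is missing {missing}")
        tgt = tc.find("target")
        cases.append({
            "id": tc.get("id"),
            "attack_class": tc.get("attackClass"),
            "component": tgt.get("component"),
            "criticality": int(tgt.get("criticality")),
            "interface": tgt.get("interface") == "true",
            "observable": tc.find("observable").text.strip(),
        })
    return cases

def prioritize(cases):
    """Most critical targets first; at equal criticality, interface-facing attacks
    ahead of the rest, following the slides' point that most serious attacks hit interfaces."""
    return sorted(cases, key=lambda c: (-c["criticality"], not c["interface"], c["id"]))

def training_order(xml_text):  # threat-case ids in the order a trainee should meet them
    return [c["id"] for c in prioritize(load_threat_cases(xml_text))]
```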
Slide 18: Conclusions and Future Work
- Discussed the need and requirements for cyber warfare training as well as for distributed training systems
- Transition to the GIG coupled with NCW will make information even more valuable
  - Must be ready to deal with attacks
- Need to train to prepare for attacks that become likely as the value of NCW resources increases
- Information superiority will be a key objective
- Differentiate between attack and failure
- Need to prioritize training
- Need new defense strategies
- Improve software protection
- Need a cyber red team for training and evaluation