Cyberwarfare Distributed Training Considerations and Requirements for Operators in Network Centric W - PowerPoint PPT Presentation

Provided by: tonym96

Transcript and Presenter's Notes


1
Cyberwarfare Distributed Training Considerations
and Requirements for Operators in Network Centric
Warfare
2
Introduction Motivation
  • US military undergoing a massive shift in its
    approach to warfare
  • Small, powerful, directed
  • High speed
  • Push and post of information
  • Reliance on the network - Network Centric Warfare
  • Places unprecedented reliance upon information
  • Makes information systems a tempting target
  • Given importance of information operations,
    readiness is paramount
  • Value of NCW will lead to attacks on its
    components
  • Computer generated forces can be used to enhance
    readiness
  • Mirror current use
  • Simulate attacks for training
  • Evaluate defenses

3
Network Centric Warfare (NCW)
  • Paradigm for employment of forces that relies
    upon information superiority to gain decisive
    battlefield advantage
  • The key to the battlefield will be the computer
  • Network and software will, of necessity, further
    increase in importance as NCW increases in use
  • Global Information Grid (GIG) further enables NCW
  • Need for training to use NCW resources and to
    recognize attacks
  • Also selection of countermeasures
  • This capability is currently lacking
  • Simulation can play a role in its development

4
Cyber Warfare
  • Attacks on systems, network, software, digital
    data
  • Via any portal or the internet
  • Events occur at high speed, much faster than
    human thought processes
  • Rapid change in attack vectors
  • Current lack of metrics to measure defense
    effectiveness
  • Difficult to develop and maintain situation
    awareness
  • Difficult to predict future activity in
    cyberbattlespace
  • High degree of vulnerability to intended and
    unintended effects of cyberspace actions
  • Hence - training is difficult and access to
    real-world facilities is limited due to potential
    for unintended harm

5
CyberWarfare Defense
  • Defend against attack
  • Assess attack
  • Respond to attack
  • Resilient and robust
  • Development and evaluation of defensive
    techniques expensive in real world
  • Due to scale
  • Due to lost bandwidth for actual activities
  • Poor science - hard to replicate experiments
  • Hence - need for use of simulation

6
Cyber Warfare Defensive Response
  • Determine if attack is underway
  • Characterize attack
  • Counteract
  • Respond

7
Cyberwarfare Distributed Simulation
  • Evaluate cyber science / cyber defense
    technologies
  • Evaluate tools
  • Training
  • Develop and test strategies and tactics
  • Layered, integrated defenses
  • Today, evaluated in isolation; simulation permits
    evaluation in the complex milieu of the real-world
    GIG
  • Develop and test analytical, decision support,
    and response tools used by defense
  • Develop command and control tools
  • Situation awareness and automated response
  • Assessment of objectives

8
Why Cyber Warfare Simulation?
  • Currently lack insight into side effects,
    vulnerabilities, and effectiveness of their
    defense systems
  • Needs to change if defense is to counter attacks
    of tomorrow
  • Can provide a standardized environment within
    which to test and measure defensive effectiveness
  • Encourage teamwork and facilitate rapid sharing
    of results
  • Can provide insight into defense effectiveness
    and aid in metrics development
  • Insight into tool operation in a variety of
    circumstances
  • Help to estimate future attacks
  • But there is a need for a standard attack system

9
The Unified Modeling Language (UML)
  • UML - Unified Modeling Language
  • A standardized graphical language for developing
    architectural specifications for systems.
  • Permits unambiguous, modular, incremental
    specification
  • Possesses precise semantics and supports
    exploitation of the capabilities of graphics and
    text to communicate
  • Composed of three primitive elements
  • Things, relationships, and diagrams
  • Things - the major abstractions
  • Relationships - tie things together
  • Diagrams - document things and their
    relationships
  • Can document functionality, capabilities, and
    requirements
  • Static and Dynamic models

10
UML (cont.)
  • Diagrams - class, object, use case, sequence,
    collaboration, statechart, activity, component,
    deployment
  • Use case - depicts how the system, users, and
    classes interact to accomplish a task
  • Shows a set of use cases and the set of entities
    involved in each use case
  • Interaction - either sequence or collaboration
  • Shows the set of objects, relationships and
    messages passed between them
  • Sequence diagram emphasizes timing sequence
  • Collaboration diagram emphasizes the transmission
    and reception of messages
  • Views
  • Use case view - depicts how the system behaves
    from the point of view of a user
  • Design view - the parts of the system provided
    using interaction, statechart, and activity
    diagrams

11
Advantages and Disadvantages of UML
  • Advantages
  • Standardized
  • Large set of constructs
  • Extensible
  • Supports modern software development strategies
  • Visualize components of the system and their
    relationships
  • Comprehend how the system should operate
  • Disadvantages
  • Time consuming
  • No explicit documentation of security

12
eXtensible Markup Language
  • Used as a meta-language for the knowledge base
  • Flexible
  • Designed to support customization
  • Widely used and standardized
  • Precise in its definition of a document and for
    the ordering of a document's contents
  • Supports web-based linkage of external files
  • Supports multi-part and distributed documents
  • Readable by human and computer
  • Stylesheets support human examination of
    transmission

13
Analytical Approach Overview
  • Combine the Unified Modeling Language (UML) and
    the eXtensible Markup Language (XML)
  • Two widely used standards that can be exploited
  • UML to provide broad and comprehensive
    documentation of requirements
  • Better management of development
  • Improve the description of capabilities
  • Aid in validation of behaviors
  • Enable reuse
  • Capability to integrate, exploit, and incorporate
    advances
  • XML to supplement/complement UML with standard
    annotations
  • Additional insight into requirements as well as
    aid to testing and validation

14
Cyberwarfare Training Objectives
  • Must determine targets and likely attack
    techniques
  • Unaddressed to date
  • Suggest modeling using UML
  • Must identify vulnerable portions of systems and
    critical portions of systems
  • Aid in prioritizing threats
  • Again, UML can aid
  • In general, most serious of attacks aimed at
    interfaces
  • But not all; an important class aims at replacing
    code, but most still claim an interface first
  • Needs to be system specific, operator specific,
    and mission specific

15
Potential Solution
  • Cyber Warfare Opposing Force - CW OPFOR
  • Improved computer-generated forces, information
    assurance, and software protection knowledge are
    enablers
  • Information warfare cyber red team
  • Prepare all command echelons for cyberbattlespace
  • Suitable for training and testing
  • Flexible, innovative exploits across the entire
    cyberbattlespace
  • Ease of assembly and modification of the cyber
    red team
  • Indistinguishable from human conducted exploits

16
Introduction to CGAs
  • A CGA is an entity in a simulation environment
    that exhibits intelligence in its movement and
    choices
  • Generally not an aggregate, instead is a single
    actor
  • Can increase the complexity and realism of a
    simulation environment without incurring the
    expense and inconvenience of using humans to
    control all (maybe thousands) of the actors in
    the environment
  • Only the actors of interest for training,
    acquisition, analysis, etc. are controlled by a
    human
  • Correct behaviors and realistic choices are
    essential for a CW OPFOR CGA to achieve its
    purposes

17
CyberThreat Identification
  • Two components
  • Identification of targets and their priorities
  • Identification of techniques and tactics likely
    to be employed
  • Must be aware of how each type of attack proceeds
  • One way to identify techniques and tactics is
    development of threat cases using UML
  • Need to document knowledge needed to execute
    attack
  • Must be an accurate portrayal of each attack to
    ensure a positive and not negative training
    outcome
  • 21 classes of attacks identified to date

18
Conclusions and Future Work
  • Discussed need and requirements for cyber warfare
    training as well as for distributed training
    systems
  • Transition to GIG coupled with NCW will make
    information even more valuable
  • Must be ready to deal with attacks
  • Need to train to prepare for attacks that are
    likely as value of NCW resources increases
  • Information superiority will be a key objective
  • Differentiate between attack and failure
  • Need to prioritize training
  • Need new defense strategies
  • Improve software protection
  • Need cyber red team for training and evaluation