The Army is analyzing cyberspace requirements and outlining potential technical investments based on its Cyber Materiel Development Strategy, released in February 2015.
The doctrinal, operational, acquisition, and research and development communities involved in Army materiel development worked together for more than two years on the comprehensive strategy, which assesses where Army cyberspace capabilities stand and what lies ahead.
“The Army must be prepared to operate and fight within the cyberspace domain,” said Assistant Secretary of the Army for Acquisition, Logistics and Technology Heidi Shyu. “It is essential … that we use our limited acquisition and science and technology resources to identify and address critical Army specific problem sets and capability gaps. Where possible, we must leverage the best solutions and ideas available through our partnerships and collaboration within the Department of Defense, other government agencies, industry and academia.”
Shyu appointed Henry Muller, director of the U.S. Army Communications-Electronics Research, Development and Engineering Center, or CERDEC, as the Army Cyber Task Force lead.
“In less than two decades, cyberspace has radically transformed how the Army operates and wages war,” Muller said. “Unlike the other physical domains, cyberspace will continue to grow and is projected to reach over 100 billion connected devices within just the next 10 years.”
“These monetary and technological investments may determine how dominant the Army will remain in the future,” Muller said.
The Department of Defense has identified cyber as an operational domain much like air, land, maritime and space; however, no military service has been assigned the cyber domain. Additionally, the Army still operates in a fiscally constrained environment, where spending and allocation of resources cannot address every aspect of cyber, said Giorgio Bertoli, acting chief scientist of the CERDEC Intelligence and Information Warfare Directorate and lead action officer for the strategy.
“Cyber is hard to predict,” Bertoli said. “One of the challenges is the technology turnover rate is very high. Adoption for new technology is also increasing as the public becomes more and more comfortable embracing new technological advancements.”
“You can predict that processing power is going to keep increasing; you can keep predicting bandwidth, wired and wireless, is going to keep going up; you can predict new technologies like quantum computing will eventually come to pass,” Bertoli said. “The hard part to predict is how are they going to be used? What are the new applications these technical advances are going to enable?”
CYBER FOR TACTICAL OPERATIONS
The Army identified that it needs to make advances in several Army-unique problem sets. One such area is the Army’s tactical operations center, where military-specific operations occur. While its enterprise-level network is similar to those of commercial businesses, the tactical network faces military-unique defensive and offensive challenges.
Tactical networks have limited bandwidth with high bit-error rates, high latency, intermittent connectivity, and roaming infrastructure and users.
“On top of that, you have other related data like mission command data that are passing over these very limited bandwidth channels to begin with. Any security you pass over these channels degrades what other traffic they can send,” said Steven Lucas, chief engineer, CERDEC Space and Terrestrial Communications Directorate, Cyber Security and Information Assurance Division.
The Army is unique in that it operates for extended periods within adversarial environments.
“We’re highly reliant on distributed communications systems, which are more prone to interception because you are in close proximity to the enemy within radio line of sight range,” Bertoli said.
INTRUSION DETECTION AND NETWORK DEFENSE
One aspect of defending the tactical network is intrusion detection.
“Intrusion detection allows a sensor to detect potentially malicious activity on a specific node, such as a handheld device or a laptop, and limit the user’s capabilities,” Lucas said.
“With respect to intrusion detection, you have sensors that are doing the detection of malicious activity, either on the network or at the host level, and whenever they detect something they feed it up to this higher authority,” Lucas said. “Because of our environment, that connection between the authority and the actual detector may not always be there.”
If the intrusion detection sensor spots potentially malicious code on a handheld device, it might limit data transmission capabilities but still allow the Soldier to use the voice capabilities. The intrusion detection software would continue to monitor the device before determining whether it needs to come off the network.
Another aspect of defending the network is software assurance. Typically, one vendor does not develop all the code for a single software application; rather, multiple vendors contribute code that is then integrated into one package.
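The graduated, partly disconnected response Lucas describes (a node sensor restricts the device locally, reports upward when it can, and the authority decides whether the node comes off the network) is sketched below as an added Python example. It is not Army or CERDEC code; the alert format, the escalation threshold, the store-and-forward queue and the authority's decision rule are constructed assumptions chosen to show the mechanism.

```python
from collections import deque
from dataclasses import dataclass, field

# Hypothetical policy values (assumptions for this example, not values from the article).
ESCALATE_AFTER = 3                       # local alerts before the node quarantines itself
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass
class NodeState:
    """Capability state of one tactical endpoint (handheld, laptop)."""
    node_id: str
    voice_enabled: bool = True
    data_enabled: bool = True
    quarantined: bool = False
    alert_count: int = 0
    # Reports that could not be delivered to the central authority yet (link was down).
    pending_reports: deque = field(default_factory=deque)


def apply_decision(state: NodeState, decision: str) -> NodeState:
    """Apply the authority's verdict: 'quarantine' removes the node from the network."""
    if decision == "quarantine":
        state.quarantined = True
        state.voice_enabled = False
        state.data_enabled = False
    return state


def local_response(state: NodeState, alert: dict) -> NodeState:
    """Graduated response taken on the node itself, without waiting for the authority."""
    state.alert_count += 1
    if SEVERITY_RANK[alert["severity"]] >= SEVERITY_RANK["high"] or state.alert_count >= ESCALATE_AFTER:
        # Strong or repeated evidence: the node takes itself off the network.
        apply_decision(state, "quarantine")
    else:
        # Weaker evidence: cut data transmission but keep voice available to the Soldier.
        state.data_enabled = False
    return state


def authority_decision(report: dict) -> str:
    """Stand-in for the higher authority (constructed rule): quarantine on medium-or-worse
    alerts, otherwise keep the node under observation."""
    return "quarantine" if SEVERITY_RANK[report["severity"]] >= SEVERITY_RANK["medium"] else "monitor"


def report_alert(state: NodeState, alert: dict, uplink_up: bool) -> NodeState:
    """Forward an alert when the link is up; queue it when the authority is unreachable."""
    report = {"node": state.node_id, "severity": alert["severity"], "detail": alert["detail"]}
    if uplink_up:
        apply_decision(state, authority_decision(report))
    else:
        state.pending_reports.append(report)
    return state


def flush_pending(state: NodeState) -> NodeState:
    """Called when connectivity returns: deliver queued reports and apply the decisions."""
    while state.pending_reports:
        report = state.pending_reports.popleft()
        apply_decision(state, authority_decision(report))
    return state


def handle_alert(state: NodeState, alert: dict, uplink_up: bool) -> NodeState:
    """Full path for one sensor alert: local response first, then report or queue."""
    local_response(state, alert)
    return report_alert(state, alert, uplink_up)


def run_scenario() -> NodeState:
    """Constructed timeline: a low-severity alert arrives while the uplink is down,
    the link returns, then a medium-severity alert arrives with the link up."""
    node = NodeState("handheld-07")
    handle_alert(node, {"severity": "low", "detail": "unexpected outbound connection"}, uplink_up=False)
    flush_pending(node)      # authority sees the low alert and answers "monitor"
    handle_alert(node, {"severity": "medium", "detail": "unsigned binary executed"}, uplink_up=True)
    return node              # quarantined by the authority on the second alert


if __name__ == "__main__":
    final = run_scenario()
    print(f"{final.node_id}: voice={final.voice_enabled} data={final.data_enabled} "
          f"quarantined={final.quarantined} queued={len(final.pending_reports)}")
```

The point of the split between `local_response` and `authority_decision` is that the node never waits on the uplink to protect itself: the restriction that matters most (data off, voice on) is applied immediately, and the authority's richer verdict is applied whenever the report finally gets through.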
CERDEC and the U.S. Army Research Laboratory have developed various techniques, such as fuzzing, to analyze binary code to identify potential holes in the software.
“Fuzzing is where you throw garbage at the executable code and try to get the software to do something that it wasn’t designed to do,” Lucas said. “Then through analysis, you can see if there was a buffer overflow or a memory leak where now it opens a potentially exploitable window into that software.”
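To make the fuzzing description concrete, here is an added Python example that is not CERDEC's or ARL's tooling: a tiny length-prefixed record format with two parsers, one that trusts the declared length and one that validates it, and a mutation fuzzer that feeds each parser randomly corrupted inputs. In a native binary the unchecked parser's mistake would be an out-of-bounds read; in Python the same defect surfaces as an unhandled exception, which the fuzzer records as a finding. The record format, the mutation operators and the iteration count are all constructed for this example.

```python
import random
import struct


def build_record(rtype: int, payload: bytes) -> bytes:
    """Encode the toy format: [type:1][length:2 big-endian][payload][checksum:1]."""
    return bytes([rtype]) + struct.pack(">H", len(payload)) + payload + bytes([sum(payload) & 0xFF])


def parse_record_unchecked(buf: bytes) -> dict:
    """Parser as it might look before analysis: trusts the declared length.
    Malformed input escapes as IndexError or struct.error instead of a clean rejection,
    the Python analogue of the out-of-bounds read a C parser would have at this line."""
    rtype = buf[0]
    length = struct.unpack(">H", buf[1:3])[0]
    payload = buf[3:3 + length]
    checksum = buf[3 + length]                  # indexes past the end when the length field lies
    if checksum != sum(payload) & 0xFF:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def parse_record_hardened(buf: bytes) -> dict:
    """Same format, with every length validated before it is used as an index."""
    if len(buf) < 4:
        raise ValueError("record too short")
    rtype = buf[0]
    length = struct.unpack(">H", buf[1:3])[0]
    if len(buf) != 4 + length:
        raise ValueError("declared length does not match buffer")
    payload = buf[3:3 + length]
    if buf[3 + length] != sum(payload) & 0xFF:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, truncate at a random point, or append junk."""
    out = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and out:
        out[rng.randrange(len(out))] = rng.randrange(256)
    elif op == 1 and out:
        del out[rng.randrange(len(out)):]
    else:
        out += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(out)


def fuzz(parser, seed_input: bytes, iterations: int = 500, seed: int = 1) -> list:
    """Mutation fuzzer. ValueError is the parser's documented rejection path; any other
    exception is an unhandled failure and is recorded together with the triggering input."""
    rng = random.Random(seed)               # fixed seed keeps the run reproducible
    findings = []
    for _ in range(iterations):
        candidate = mutate(seed_input, rng)
        try:
            parser(candidate)
        except ValueError:
            continue
        except Exception as exc:            # crash-equivalent: unexpected exception type
            findings.append((type(exc).__name__, candidate))
    return findings


if __name__ == "__main__":
    seed_record = build_record(1, b"ping")   # constructed, well-formed starting input
    for name, parser in (("unchecked", parse_record_unchecked), ("hardened", parse_record_hardened)):
        found = fuzz(parser, seed_record)
        print(f"{name}: {len(found)} unhandled failures in 500 inputs")
        if found:
            print("  first finding:", found[0])
```

Two details carry over to real fuzzing campaigns: the harness must know which failures are expected (here `ValueError`) so that clean rejections are not counted as bugs, and every finding is stored with the exact input that produced it so the crash can be reproduced and triaged later.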
From the research and development side, CERDEC wants to perform the majority of software analysis upfront before the system is fielded. Not only will it protect Soldiers from using vulnerable software, but it will also save the Army time and money in development and sustainment.
“Software analysis is a continuous process you need to do, and then we also have developed capabilities to where ultimately we don’t want to wait to the very end just before the application goes out to the field,” Lucas said. “Do it up front, do it during the actual coded development and writing, where you can ultimately save.”
Based on a calculation done on a mission command application, if a vulnerability in a system was found during the development cycle instead of the pre-deployment phase, the government could save roughly $30 million over the entire program lifecycle, he said.
ACCESS CONTROL AND IDENTITY MANAGEMENT
An additional tactical concern is access control and identity management at all levels across the network, as there may be a mixture of cleared and uncleared users.
Most employees associated with the government are familiar with the Common Access Card, or CAC, which allows two-factor identification to gain access to government-issued computers.
This form of two-factor identification works adequately for stationary systems in an enterprise and non-dynamic environment, such as an office cubicle; however, a CAC is not the most practical access control and identity management tool for many environments, Lucas said.
“Ultimately how you come up with or maintain that trust consistently across the network is very hard to do,” Lucas said. “From a device perspective, the user needs to have trust in the device, which provides the information to them to make decisions. You want to ensure that nobody can just add a device of their own, like an enemy laptop, to the network. You want the devices themselves to be trusted.”
CERDEC is working with project managers and the chief information officer/G6 to research, design, develop and test state-of-the-art identity management systems that will work in the unique tactical environment.
OFFENSIVE CYBER OPERATIONS
The Army Cyber Strategy calls for the continued effort to further protect its tactical networks, but it also calls for research and development on how the Army can leverage its own sensors and exploit enemy capabilities.
“Offensive Cyberspace Operations provide a military commander a non-kinetic capability option that eliminates or minimizes the physical damage caused by other traditional forms of military engagement,” Bertoli said.
“One of the key things we’ve been pushing for a while now is that we need to do a better job of leveraging our tactical assets to improve CEMA [cyber electromagnetic activities] situational awareness,” Bertoli said.
As part of the strategy, the Army will continue to determine how it can best leverage sensors that are already in the field to enable such cyber capabilities.
RESEARCH INFRASTRUCTURE
To make these offensive and defensive advances, the Army needs to base its development on a modular and flexible architecture to ensure it can keep pace with the continually accelerating advances in cyberspace.
It is impractical for the Army to chase after every new technology to defeat it; however, it is possible and fundamentally important to further develop architecture frameworks, which will minimize the amount of new code needed to deal with new technologies, Bertoli said.
“In order to achieve this, you need to have some pretty extensive laboratory infrastructure like we have here at APG [Aberdeen Proving Ground], and those labs have to be constantly updated to keep up with the churn of technology,” Bertoli said.
“Though a great first step, the Army is still working at defining its role and doctrine as related to cyberspace operations. This, coupled with the rapid pace of technical innovation within the domain, will require the S&T [science and technology], operational, doctrinal and acquisition communities to maintain a close working relationship and to ensure this strategy remains current,” Bertoli said.