CHIPS Articles: Increased Cyber-Security through Data Analytics: The Cyber Tactical Assessment Kit

By DON Innovation - April-June 2017
The United States of America is challenged with defending against advanced malicious threats in cyberspace. Cyber Protection Teams (CPTs), operating under United States Cyber Command (USCYBERCOM), have been tasked with defending the Department of Defense Information Network (DoDIN). The rapid growth of CPTs within the DoDIN helped to identify fundamental challenges for conducting Defensive Cyberspace Operations.

Early in their implementation, CPTs lacked standardized operational equipment to accomplish mission essential tasks. Commercial off-the-shelf (COTS) network analysis systems proved inadequate for scaling to the DoDIN and for identifying advanced, nation-state threats. The development of the Cyber Tactical Assessment Kit (C-TAK), a custom network sensor, enabled CPTs to conduct advanced, comprehensive data analysis for cyber threat identification and mitigation.

Finding anomalies and malicious activity is a difficult and complicated process in high-throughput network environments. The engineering solution for the C-TAK proved critical for providing flexible, real-time analytics of data streamed from high-throughput computer networks. New innovations resulted in a tailored implementation of a no-cost and open-source network visualization software tool, which rapidly configured a deployed network sensor and conducted real-time analytics using dynamic visual dashboards.

The C-TAK team harnessed their advanced knowledge in graphology, network security, and adversarial threat modeling to produce network data representations that empowered junior analysts to detect advanced malicious threats. The unique approach to real-time network data exponentially reduced the time, effort, and skill level required to identify malicious activity, resulting in an enhanced ability to defend the DoDIN. The visual capability provided by C-TAK delivered a Cyber Operational Picture to better communicate and articulate risk to Operational Commanders.

The analytic methodologies incorporated into C-TAK were developed in parallel with network defense sensor technology that was being developed by Space and Naval Warfare Systems Command (SPAWAR). C-TAK’s superior performance justified a SPAWAR contract realignment, saving the Navy money while doubling the number of network analysis systems that will be available for CPT operations in Fiscal Year 2017.

C-TAK enables analysts to identify malicious cyberspace activity in a fraction of the time required by previous methods. Prior to the creation of C-TAK, manually analyzing and sifting through data required a significant amount of time. Analysts are also empowered to detect more covert malicious activity than was previously feasible using alternative systems. Additionally, the real-time network data analytics significantly reduced the time required to train new analysts.

The Navy adopted C-TAK as the standard network analysis system and all CPTs have since been equipped with this innovative warfighting capability. The real-time network data analytics reduced the time required to train new analysts from an average of four months to less than one month. Furthermore, analysts using C-TAK are able to detect more covert malicious activity than was previously feasible using alternative systems.

C-TAK has been deployed in ten cyber defense exercises and five incident response operations. It has also been used to certify five CPTs as having attained Full Operational Capability and has enabled the identification of a malicious botnet on a forward-deployed tactical unit. C-TAK has been adopted by CPTs operating throughout the world. This advanced capability has directly contributed to an enhanced network security posture across the DoDIN.

CTN1 Forrest N. Perez received the 2016 Secretary of the Navy (SECNAV) Innovation Award in the Data Analytics category in a prestigious ceremony officiated by Mr. Thomas Dee, performing the duties of the Under Secretary of the Navy, on 5 June 2017.

The SECNAV Innovation Awards recognize the top innovators within the Department of the Navy (DON). Their accomplishments are remarkable and serve as inspiration for the Navy and Marine Corps to think boldly and solve the fleet and the force’s most challenging problems.

Join DON Innovation on https://www.facebook.com/NavalInnovation or @DON_Innovation or visit the DON Innovation website at http://www.secnav.navy.mil/innovation/Pages/Home.aspx. Email DON Innovation: DON_Innovation@navy.mil

Ford Island, Oahu, Hawaii -- CTN1 Forrest Perez providing instruction on Kibana dashboard visualizations for data analytics. U.S. Navy Photo by Information Systems Technology Chief Petty Officer Jeffrey M Carlisle Jr.

Washington, DC -- CTN1 Forrest N. Perez receives 2016 SECNAV Innovation Awards trophy from Mr. Thomas Dee, performing the duties of the Under Secretary of the Navy. U.S. Navy photo by Mass Communication Specialist 2nd Class Jonathan B. Trejo/Released
CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988