As a direct result of the cyberthreats America is facing on a daily basis, new policies at the senior executive level at the Office of the Secretary of Defense (OSD), particularly the Office of the Director, Operational Test and Evaluation (DOT&E), are requiring all new acquisition programs to include a cyber-security test sequence that is tied to major milestones within the program acquisition cycle.
Michael Winslow, Space and Naval Warfare Systems Center Pacific’s Cyber TASE joint program manager, said the mandate enables the center to be the Armed Forces Technical Authority for cybertesting of acquisition programs.
“We need to confirm the Navy’s systems are robust enough, and to understand and quantify how those threats can impact our systems and where they can be injected into the system - particularly before Milestone C (fielding), all acquisition programs will have to undergo developmental cybertesting during which the program is subjected to controlled cyberthreats in a laboratory environment.
“This is to make certain the threats do not break the program while also learning how the threats can impact the program,” Winslow explained.
The Cyber Test Analysis and Simulation Environment (TASE) enhances the testing of cybertesting analysis capabilities and modeling and simulation tools to meet the stringent requirements and needs that the Department of Defense for cybertesting.
Cyber TASE’s capabilities will be validated through a series of formal distributed tests to ensure both maximum effectiveness and optimal ease of use and interactivity.
Cyber TASE’s mission is to fill the capability gaps identified by the Test and Evaluation (T&E) Reliance process. These capability gaps result from a lack of effective instrumentation that understands the impacts of the cyberthreat on the system under test (SUT) and the lack of a constructive simulation environment interoperable with the Live-Virtual-Constructive (L-V-C) frameworks that simulate campaign- and theater-level operational scenarios.
SSC Pacific’s Role
SSC Pacific is in charge of overseeing the entire Cyber TASE effort in addition to running the L-V-C portion of the program.
Cyber TASE will solve these two capability gaps by developing an integrated instrumentation suite for deployment on the Joint Mission Environment Test Capability (JMETC) 2.0 network. This network can assess how cyberthreats operationally impact the system under test and enhance the existing constructive cybertest simulation capabilities to simulate cyber vulnerabilities of operational networks/applications, as well as analyze the impacts of cyberthreats on operations.
In addition, researchers are actively developing cybertools to allow deeper cybertesting or penetration testing prior to application deployment. These tools will provide more secure capabilities to the warfighter with more well-known cyber gap analysis and constructive modeling and simulation capability that models operational scenarios and shows the impact of various cyberthreats against the mission.
To develop an operational understanding of the impacts cyberthreats have on the system under test, Cyber TASE is developing integrated instrumentation to test command and control (C2) and enterprise applications.
Current instrumentation isn’t integrated across multiple layers or various data collection sources and doesn’t conduct near real-time analysis or produce relevant measures of effectiveness (MoEs)/measures of performance (MoPs) or reports.
The instrumentation capability will tie data collected on the network, hosts, and tactical data links (TDLs) and feed heuristics (which technically means performance summarizations) into a correlation and analysis engine.
The correlation and analysis engine will process the events and triggers against ground truth data provided by the coordination team and the threat representation team to create an understanding of the unfolding test. The data will then be overlaid into a visualization tool that will depict the elements involved in the test, the threat as detected and provided by the threat representation team, and the impact that the interjected threat has on the system under test and its ability to complete its mission.
The analysis capability will strengthen the capabilities to provide support to the programs requiring cyber testing at hosting facilities such as the National Cyber Range (NCR) or Regional Service Delivery Points (RSDPs).
Within the domain of L-V-C simulation environments, Cyber TASE focuses on enhancing the constructive simulation environment. This environment will enable the user to simulate the impact of a cyberthreat within a campaign- or theater-level context.
These specific developmental efforts are designed to make the constructive simulator easier to use by providing predefined platform and application models for each military service. In addition, Cyber TASE will expand the predefined attack and vulnerability model libraries and ease the process of creating new models.
Finally, Cyber TASE will improve the analysis and visualization (both near real-time and offline) of the simulation results to more readily define and view the impacts to the mission. The focus of the Cyber TASE efforts is to mature and expand the Stealthnet capabilities beyond the U.S. Army focus that was used for the first four phases of the Stealthnet project. Please see the sidebar at the end of the article for information about how Cyber TASE aligns closely with the cyber efforts of the Test Resource Management Center.
The Way Ahead
Cyber TASE capabilities will be tested and refined in a demonstration of its capabilities. The annual demonstration will be conducted as the various capabilities are developed and integrated. The demonstration will also increase in complexity as it progresses.
For the first year’s demonstration, the demonstration will start out as a localized Navy-only exercise. For the second year, the scope will increase to becoming a Navy/Defense Information Systems Agency (DISA) joint demonstration. Subsequently, the final capability demonstration will have the full-service Army/Air Force/Navy/DISA participation.
The demonstration will be developed based upon operational mission threads extracted from a Defense planning scenario and will assess how the various cyberthreats preclude the United States’ capability to successfully conduct the necessary mission activities within the thread.
The focus will be to establish a situational awareness picture and will leverage the Global Command and Control Systems (GCCS) family of systems (FoS). It will include the necessary and relevant components of the requisite systems that are absolutely necessary to host GCCS. For example, in the Navy, the Consolidated Afloat Network and Enterprise Services (CANES) system provides the hosting environment and Automated Digital Networking System (ADNS) provides the ship-to-shore interconnectivity.
Cyber TASE will leave behind capabilities at each demonstration site, but the goal is to field Cyber TASE within existing infrastructure that will be accessible to users via the JMETC 2.0 network and that can be leveraged at key sites including the National Cyber Range and Regional Service Delivery Points.
For more information about Space and Naval Warfare Systems Center Pacific, please visit: http://www.public.navy.mil/spawar/Pacific/Pages/default.aspx.
S&T Stealthnet is a science and technology (S&T) research project and is developing the underlying technologies for cybersimulation; however, it is Army-centric because the use cases are derived from Army mission threads and requires additional focus on usability and rapid scenario creation and analysis.
Stealthnet simulates an Army Brigade Combat Team soldier radio waveform (SRW)/wideband networking waveform (WNW)-based network in the context of Army Network Integration Evaluation (NIE) with interfaces into a larger LVC scenario; provides limited, but representative, threat models to simulate attacks into all protocol stacks of the network; and has a limited set of embedded tools to provide data collection, analysis, and visualization to assess that network’s ability to withstand computer network attacks.
Cyber TASE expands on the capabilities developed in the Stealthnet S&T project. It creates model object repositories applicable to Army, Air Force, Navy, and DISA, increasing the attack and vulnerability model frameworks. These repositories ease the process of adding in new attacks/vulnerabilities; developing the simulation instrumentation and visualization environment to expedite the simulation analysis process; and developing modeled scenarios that are derived from operation mission threads for the services to show how cyberthreats impact an operational scenario.
The National Cyber Range (NCR) provides a large test hosting environment that can be used by various customers for providing computation and network resources to support their test. The NCR can run concurrent tests at varying security levels due to its Layer 1 switch and rapidly configure and sanitize the test range via its test specification tool (TST) and sanitization processes.
The TST also provides a visual of the test configuration. Cyber TASE will deliver integrated automated instrumentation with real-time analysis capability at the NCR. Cyber TASE will augment the NCR by providing a constructive simulation environment that will model entire operational scenarios to tie how cyberattacks impact mission operations.
JMETC 2.0 provides the interlab infrastructure necessary to conduct distributed cyber testing. It works at various security levels and provides cloud services that support the testing exercises (including cybertesting). JMETC 2.0 is the planned capability that will provide lab interconnectivity during the Cyber TASE demonstrations. JMETC 2.0 will also be the vehicle by which users could access the Cyber TASE capabilities once deployed.
Regional Service Delivery Points (RSDPs) provide a modular, small data center for hosting cybertests. The RSDPs are an essential component to the JMETC 2.0 infrastructure, hosting several of the cloud services provided by JMETC 2.0. RSDPs are considered one of the strong candidates as fielding sites for Cyber TASE’s full operational capabilities.
InterTEC provides tactical data link instrumentation and its focus is on interoperability. Cyber TASE is considering using Interoperability Test and Evaluation Capability (InterTEC) tools such as the Joint Interoperability Modular Evaluation System (JIMES), the Joint Analysis Net-Centric Evaluation Testing Toolkit (JANETT), and the Mixed Methods Appraisal Tool (MMAT) as part of the technical solution to instrumenting and analyzing the tactical data links and will integrate these capabilities into the cybertest instrumentation suite.