Artificial intelligence (AI), automation, and the cloud, have the potential to support command and control (C2) in the cyberspace domain government and industry leaders said during a panel discussion at the annual Armed Forces Communications and Electronics Association’s Defensive Cyberspace Operations Symposium, May 16 in Baltimore.
“Our cyber environment is contested,” said panel moderator, Greg Duchak, deputy assistant secretary of defense for command and control, communications, cyber, and business systems. “Our ability to command and control our forces and work with others in this contested cyber environment will make the difference between mission success and failure.”
Rounding out the panel were Misty Blowers, cyber research leader at Air Force Research Laboratory, Rome Labs; Terry Carpenter, services development executive at the Defense Information Systems Agency; Army Col. Paul Craft, director of operations for the Joint Force Headquarters – DoD Information Network; and Dan Prieto, strategic executive at Google Cloud.
Duchak said there are no one-size-fits-all solutions to approaching C2 in defensive cyber operations (DCO), but there are critical, interrelated challenges that must be addressed.
“We need to design approaches to C2 that work well for DCO,” he said. “We need to know ourselves and to know our adversary. This means we need solid situational awareness (SA). We (also) need to focus on making mission C2 more agile so it can adapt to circumstances even in a cyber degraded environment, and we need to understand the link between DCO and our ability to exercise mission C2 in all domains.”
Speed is essential
Craft and Prieto described the similarities and differences between the cyber domain and the other warfighting domains.
“The major difference between cyber and land, air, sea, and space is that the cyber domain is a man-made domain and it can be changed,” said Craft.
Because the cyber domain can be changed, maintaining SA and C2 of the terrain and what an adversary might be doing is exceptionally challenging, he said.
The speed at which adversaries are able to adapt is much greater in the cyber domain than in physical domains, Prieto said.
“Adversaries can easily modify malware in under 24 to 36 hours,” Prieto said.
Craft agreed: Speed is key to C2 in DCO.
Events occur in cyberspace in seconds, he said. The amount of data that can be taken is dependent on how fast data can be removed, moved, or modified within the network before cyber defenders can react.
“The speed at which we can operate the network, the speed at which we can change or maintain the network, the speed at which we can secure and actively defend the network - and therefore make decisions at speed - will require some sort of artificial intelligence so that the computer provides options for when we have to have a DoD level, or even commercial, decision made,” Craft said.
“Looking for needles in haystacks”
Carpenter, who is responsible for delivering integrated enterprise services and data systems to the warfighter, said a large amount of data is constantly being acquired, and DOD requires different and novel ways to make the data consumable and usable by the warfighters.
“When you talk about petabytes of data and the analysis that has to go on, we have to provide tools that are just as responsive,” he said. “But there is a lot of challenge and risk in the way we build those applications for the C2 functions. We have to think about how to provide better tools to the user community.”
Prieto reflected on the paradox of maintaining C2 with the exceptionally large volume of data that saturates DOD’s systems.
“On the one hand, you are flooded with data, you are slow to knowledge - because of the overwhelming amount of data,” he said. “You are looking for needles in haystacks.”
Technology to support cyber C2
Carpenter said he wants to help the operator gain situational awareness (SA) faster, and automation, AI, and cloud are important elements to get to the desired end state.
“How can I help the operator to discover faster? We want to improve the speed with which the operators can discover things. So they don’t have this huge lag time in trying to sort through the big data,” Carpenter said.
Carpenter also emphasized the need to look for ways to streamline the development and adoption process for C2 tools.
“There is an appetite I have never seen before, for trying new things, to automate, to make it more predictable and to leverage things like artificial intelligence and machine learning,” he said.
Blowers agreed AI will be an essential weapon in the cyber fight.
“Because of the advancements are adversaries are making in this (AI) arena, it is imperative we also develop cyber autonomous capabilities so that we can be sure to be competitive in a future conflict,” she said.
The panel explored how cloud adoption might help with the path to improve C2 in DCO.
“When you think about cloud, the opportunity is to move to a more modern, secure, consistent, scalable environment, without having to make all the upfront investments yourself,” Prieto said. “That is what is on offer from cloud service providers.”
“Cloud needs to be an agonistic underpinning on everything we do,” Carpenter said. “More importantly, though, I listen to the warfighter, I listen to the folks trying to deal with this new domain.”
Duchak agreed that the goal of moving to the cloud must be connected to the warfighting functions.
“Cloud is more than just efficiencies; it’s about improving operations,” he said.
A joint effort
Craft said the solution to the C2 for DCO question will only come through teamwork.
“Teamwork includes working with our industry partners, working with academia, working with other agencies and combat commands and services,” he said.
Although the path forward still has many unknowns, Craft said the desired goal for C2 in DCO is a secure network.
“In the end we will have a secure network, we will know where all the data is, and we will know that it is secure and actively defended,” he said.