Enable breadcrumbs token at /includes/pageheader.html.twig

Defense Researchers Developing National Cyber Test Range

In a few years, a dedicated simulation zone will allow security application testing to occur under real-world conditions. Researchers will be able to create and evaluate network architectures rapidly using a variety of pressures and then to develop responses based on the collected data. The testing zone will simulate a range of user and network behaviors, allowing researchers to understand better how cybersecurity and situational awareness tools function in complex environments.

In response to the increasing number and sophistication of cyberattacks affecting U.S. government and defense cyber infrastructures, the Bush administration signed the Comprehensive National Cyber Initiative (CNCI) in 2008. The CNCI requires the creation of a dedicated testbed to verify security systems and to share research data with the information technology and security communities to improve national security.

These requirements resulted in the National Cyber Range (NCR) program. Managed by the Defense Advanced Research Projects Agency (DARPA), the range will serve several purposes: assess information assurance and survivability tools in a network environment; replicate complex, heterogeneous networks; enable multiple, independent, simultaneous experiments on the same infrastructure; and apply the scientific method for rigorous cybertesting.

It will offer scientists a single place to conduct comprehensive research on cybersystems, something that is currently lacking, explains NCR program manager Dr. Michael VanPutte. “Like any area of interest, such as biology or physics, you need a microscope, a particle accelerator or some kind of system to test and measure how effective you are in that field,” he says. “We need the same thing in cyber, and we don’t have that.”

VanPutte shares that current technology developments in cybersecurity have been incremental rather than revolutionary. Because testbed results are based on the need to test other programs, little research has been conducted to improve testbeds specifically. 

A revolution in virtual testing would greatly improve and increase researchers’ ability to produce solutions and deploy them more quickly. The goal of the NCR is to move testing ahead by a quantum leap. But to achieve this goal, VanPutte notes that a number of technical areas must be addressed.

Such challenges include the ability to control all system resources automatically and to assign them across multiple tests and security levels. Another step is to develop an automated method that allows researchers conducting tests to configure the evaluations, run them, collect results, reset them and sanitize the results.

VanPutte believes a key feature of automation will be a graphical user interface that allows test directors to use a drag-and-drop feature to quickly lay out a network architecture, its hosts, system latency, environmental characteristics and if required, the type of red team. After this infrastructure is created, it can be tested immediately. This would be a dramatic change from the current situation, where it can take weeks and months to build architectures, he says.

Another area of cyberdefense that the NCR might help develop is cyber situational awareness. VanPutte explains that situational awareness tools can be brought into the test range and tested to compare their performance. 

The NCR will test and assess the growing complexity of networks. As networks become more sophisticated, they begin to resemble biological systems in the ways they react to changes in their operating environment. By affecting the speeds of different network processes, researchers will have a better understanding of how anomalies occur in advanced systems.

When the NCR is complete, DARPA will transfer its administration to another organization. How the simulation space is operated, and whether it will host collaborative exercises, will be up to the partner. VanPutte notes, however, that DARPA is bringing the network security and cyber research community together to develop and plan these processes.

The NCR will not address specific national cyber challenges. “We’re not going to solve the cybersecurity challenges. The cyber range is an environment for other researchers to come and test their solutions,” VanPutte maintains. 

 

Read an expanded version of this article in the May 2009 issue of SIGNAL Magazine, in the mail to AFCEA members and subscribers May 1, 2009. For more information about purchasing this issue, joining AFCEA or subscribing to SIGNAL, contact AFCEA Member Services.