Enable breadcrumbs token at /includes/pageheader.html.twig

Network Situational Awareness Looms Large in Cyberspace

The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment. Both the military and the public sector rely heavily on cyberspace assets that are intertwined, and effective threat detection and response will need to encompass both realms.
By Robert K. Ackerman, SIGNAL Magazine

 

A sailor aboard the USS Ronald Reagan troubleshoots the videoconference aspect of the ship’s video information exchange system. High on the wish list of the U.S. Strategic Command is a broad network situational awareness capability that would provide
a common operating picture of cyberspace.

The pieces are coming together, but the puzzle is becoming more complex.

The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment. Both the military and the public sector rely heavily on cyberspace assets that are intertwined, and effective threat detection and response will need to encompass both realms.

The U.S. military is increasing its emphasis on cyber activities. Two services recently have stood up organizations dedicated to cyber operations, and the U.S. Strategic Command has been given the mission of ensuring U.S. freedom of action in space and cyberspace. This effort encompasses those individual service efforts as well as other far-reaching measures to maintain cyberspace operations in the face of growing and diverse threats.

Gen. Kevin Chilton, USAF, is the commander of U.S. Strategic Command (STRATCOM). He points out that, just as ground military forces need situational awareness on the battlefield, cyber forces need effective situational awareness in their domain. “We need a common operating picture of that situation—one that we can share across our military networks with all the services and COCOMs [combatant commands], but also one that we can share with the Department of Homeland Security,” he contends. “Threats to our military networks likely will come in through the Internet, so there needs to be a common operating picture of what’s going on out there in the Internet that might place a risk on not only us but also the critical U.S. infrastructure.”

The greatest impediment to achieving this situational awareness picture may well be a demand function, the general continues. “We haven’t demanded this very much because we are nascent and new,” he suggests. “Having a common operating picture for our own military networks has been an uphill struggle that I think we have crossed the bridge on—at least getting everyone to agree to do that in the past year and a half.

“Now, what I’m asking for is beyond having a common operating picture of the health, status and well-being of our internal networks—it’s what else is out there and what’s coming at us,” he explains.

“We must prepare ourselves for what I see as inevitable: that in any future conflict, future adversaries will challenge us in cyberspace—both to interrupt our cyberspace operations but also perhaps to interrupt operations in other domains.”

The general relates how the 2008 conflict between Russia and Georgia in Ossetia and Abkhazia featured cyberattacks conducted concurrent with kinetic warfare operations. This portends a cyberattack when fighting breaks out between the United States and another nation. “In the future, when conflict arises, we will see our forces challenged—not only on the battlefields of air, land and sea, but also in cyberspace in a coordinated fashion,” he predicts.

Adversaries can gain access to U.S. military networks through the Internet, which Gen. Chilton describes as “the great no-man’s land.” He adds that the threat vectors primarily come through where military networks interface with the Internet. “We have to look across the broad spectrum of threat vectors out there whenever we consider defending our network,” the general points out.

While STRATCOM, through the Defense Department, is tasked with operating and defending military networks, the Department of Homeland Security is in charge of protecting the public critical infostructure. Even though the departments have delineated areas of responsibility, Gen. Chilton offers that both groups could support each other by sharing information on threats. “You can bet that the threats posed against our military networks—the tactics, techniques and procedures, along with malware—are not necessarily specifically designed for just our networks,” he says. “They could be applied to other networks, so a close relationship between us and the Department of Homeland Security and its threat warning centers is essential for sharing threat information.”

If the U.S. critical infostructure were to come under attack, STRATCOM anticipates that it would be asked to support the Department of Homeland Security in its cyberdefense efforts, the general observes. The same would hold true if military networks came under attack. STRATCOM would be relying on support across agencies to address those network problems, he notes.

The cyberspace threat picture has not changed greatly over the past few years. Teenage hackers still are in the picture, as are cybercriminals and foreign agents. Some threats have increased in number and sophistication over the past few years. Gen. Chilton cites the criminal element as one growing threat along with that of the nation-state. A foreign government can dedicate resources ranging from training to research and development into sophisticated hardware and attack algorithms. “That is where I am starting to focus onto what we need to think about as the larger risk in the future,” the general says.

Determining the source of a cyberattack remains an elusive goal. “Attribution is a difficult thing to do in this domain, but it is not impossible,” Gen. Chilton allows. “Nor is it an area that I want to give up on.” He notes that if the United States goes to war with another nation, the level of attribution required to establish blame is not as high as it would be in peacetime. “This is an area where we want to continue to work on very hard to improve the ability we have in the attribution area today,” he adds.

 

An Air Force missile warning sensor controller receives information via telephone in the Joint Space Operations Center at Vandenberg Air Force Base, California. With space now a contested venue, its vulnerability is similar to that of cyberspace. Both the U.S. military and the public sector confront threats to what is now an environment essential to daily operations.

A growing trend that concerns the general is cyber espionage. Spies are taking information from unclassified networks such as the nonsecret Internet protocol router network (NIPRNET). The purloined information can range from personal data to other material that, while unclassified, still could be useful to an adversary in time of conflict. When conflict erupts, an adversary can be expected to use that information along with other techniques to attack U.S. networks, he offers. These attacks could range from denial-of-service onslaughts that slow a network below the point of usefulness all the way to data manipulation that misleads U.S. warfighters who think they are accessing trusted data. “These are the kind of attacks on our cyber domain in a conflict that I would worry about,” Gen. Chilton declares.

For information operations, computer network operations is a high priority to STRATCOM, as is electronic warfare (EW). Gen. Chilton relates that the command has just completed a capabilities analysis to assess EW capability shortfalls and identify areas for improvement and investment. That study already is having an effect on investments being pushed forward by the Defense Department in the program objective memorandum, the general notes.

STRATCOM also is active in EW through its work with the electromagnetic spectrum. The command is involved in decisions regarding military spectrum reallocation or sale, and the command focuses on military concerns in that arena, the general says.

The command also supports operational security (OPSEC) inspections on request. Any U.S. combatant commander worldwide can ask for an OPSEC assessment, and STRATCOM will dispatch a team to fulfill that request.

Gen. Chilton describes culture, conduct and capability as “the three Cs” of effective cyberspace security. They must be addressed simultaneously, he adds.

The cultural changes necessary to secure cyberspace draw from the introduction of the personal computer into widespread usage. Originally, personal computers and their office equivalents were mostly tools of convenience. When problems arose, a quick call to the information technologist solved the issue. As their acceptance grew, so did their importance, especially for the military. Computers evolved from convenience to necessity, but users often continue to treat the machines and their networks as conveniences. That is the culture that must change, Gen. Chilton says.

“Unless you make that cultural shift in the way you look at your networks, you’ll never treat them in the appropriate fashion that is required to make sure they’re defended and operated appropriately,” he declares.

Conduct involves training, and the military is increasing its focus on how it is training people to behave on the networks. This includes the best practices for security when logged into a government network. Another part of this effort entails inspecting for compliance. People trained for network security must undergo inspection on the job to ensure that they are taking the necessary steps.

Ultimately, the commander of a base, camp, station or ship is responsible for ensuring that the computers are safe, secure and ready to operate, Gen. Chilton states. “Commanders need to be asking for the readiness of their networks, just like they would ask for the readiness of their aircraft or their ships, when they think about military operations,” he asserts.

Technical capabilities are essential for securing a network, and they must be fielded effectively. The general notes that these capabilities may include firewalls, sensors and even a host-based security system, which can provide vital network information. It can generate knowledge on network configurations and traffic, and it can determine the presence and effectiveness of antivirus software while facilitating its distribution.

The military services have undertaken recent steps to solidify their cybersecurity efforts. The U.S. Air Force has established the 24th Air Force under its Space Command, and the U.S. Navy has stood up its Fleet Cyber Command/10th Fleet. These organizations meet one of Gen. Chilton’s wishes that he expressed a year ago, when he called for the services to organize, train and equip units to support STRATCOM’s mission areas in cyberspace.

These service groups are focusing on supporting STRATCOM operations in cyberspace, including training and building expertise, the general notes. The cyber organizations are providing career tracks for critically needed cyber professionals in a dedicated construct. This should ensure a steady flow of constantly improving expertise along with the equipment required for STRATCOM to carry out its mission. “We’ll have the tools, the people and the equipment to do our job—and one of our major shortfalls has been in people,” he says.

WEB RESOURCES
U.S. STRATCOM: www.stratcom.mil
U.S. Air Force 24th Air Force: www.24af.af.mil

Space Vulnerabilities Mirror Cyberspace

Just as cyberspace has evolved from a convenience to a necessity, so has outer space. And, as with cyberspace, outer space now is a contested venue (SIGNAL Magazine, June 2009). Gen. Kevin Chilton, USAF, commander of the U.S. Strategic Command (STRATCOM) and a former astronaut who flew on three space shuttle missions, points out that space is essential both to military operations and to the U.S. economy. Space capabilities encompass satellites as well as ground-based support facilities, and all of these are potential targets for adversaries.

“I worry about threats to our ground stations, threats to our launch infrastructure, electromagnetic threats—jamming—that could impact our ability to command and control those satellites or to receive the information that we get from those satellites, whether that is precision navigation and timing from GPS [Global Positioning System] or communications links to our global satellite relay system,” he states. “So, it’s not only just making sure the satellite flies correctly and does what it’s ordered to do, it also is the function of it.”

And, of course, the threat of physical interruptions of satellites is always present. These could take the form of an interception by an antisatellite weapon, such as a kinetic kill vehicle that would destroy the satellite, or a laser beam that could blind a remote-sensing orbiter’s electro-optic system.

With the Obama administration removing NASA from the manned spaceflight business in favor of private industry initiatives, the ability of U.S. spacefarers to have direct access to space is uncertain. Gen. Chilton does not see a need for military manned space access for the foreseeable future. However, he points out that the Defense Department has been relying on solid rocket motors for weapons such as the Trident D-5 and the Minuteman III, and officials should ensure that this industrial base remains robust.