Network Situational Awareness Looms Large in Cyberspace
The pieces are coming together, but the puzzle is becoming more complex.
A sailor aboard the USS Ronald Reagan troubleshoots the videoconference aspect of the ship’s video information exchange system. High on the wish list of the U.S. Strategic Command is a broad network situational awareness capability that would provide a common operating picture of cyberspace.
The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment. Both the military and the public sector rely heavily on cyberspace assets that are intertwined, and effective threat detection and response will need to encompass both realms.
The
Gen. Kevin Chilton, USAF, is the commander of U.S. Strategic Command (STRATCOM). He points out that, just as ground military forces need situational awareness on the battlefield, cyber forces need effective situational awareness in their domain. “We need a common operating picture of that situation—one that we can share across our military networks with all the services and COCOMs [combatant commands], but also one that we can share with the Department of Homeland Security,” he contends. “Threats to our military networks likely will come in through the Internet, so there needs to be a common operating picture of what’s going on out there in the Internet that might place a risk on not only us but also the critical
The greatest impediment to achieving this situational awareness picture may well be a demand function, the general continues. “We haven’t demanded this very much because we are nascent and new,” he suggests. “Having a common operating picture for our own military networks has been an uphill struggle that I think we have crossed the bridge on—at least getting everyone to agree to do that in the past year and a half.
“Now, what I’m asking for is beyond having a common operating picture of the health, status and well-being of our internal networks—it’s what else is out there and what’s coming at us,” he explains.
“We must prepare ourselves for what I see as inevitable: that in any future conflict, future adversaries will challenge us in cyberspace—both to interrupt our cyberspace operations but also perhaps to interrupt operations in other domains.”
The general relates how the 2008 conflict between
Adversaries can gain access to
While STRATCOM, through the Defense Department, is tasked with operating and defending military networks, the Department of Homeland Security is in charge of protecting the public critical infostructure. Even though the departments have delineated areas of responsibility, Gen. Chilton offers that both groups could support each other by sharing information on threats. “You can bet that the threats posed against our military networks—the tactics, techniques and procedures, along with malware—are not necessarily specifically designed for just our networks,” he says. “They could be applied to other networks, so a close relationship between us and the Department of Homeland Security and its threat warning centers is essential for sharing threat information.”
If the
The cyberspace threat picture has not changed greatly over the past few years. Teenage hackers still are in the picture, as are cybercriminals and foreign agents. Some threats have increased in number and sophistication over the past few years. Gen. Chilton cites the criminal element as one growing threat along with that of the nation-state. A foreign government can dedicate resources ranging from training to research and development into sophisticated hardware and attack algorithms. “That is where I am starting to focus onto what we need to think about as the larger risk in the future,” the general says.
Determining the source of a cyberattack remains an elusive goal. “Attribution is a difficult thing to do in this domain, but it is not impossible,” Gen. Chilton allows. “Nor is it an area that I want to give up on.” He notes that if the
An Air Force missile warning sensor controller receives information via telephone in the Joint Space Operations Center at Vandenberg Air Force Base, California. With space now a contested venue, its vulnerability is similar to that of cyberspace. Both the U.S. military and the public sector confront threats to what is now an environment essential to daily operations.
A growing trend that concerns the general is cyber espionage. Spies are taking information from unclassified networks such as the nonsecret Internet protocol router network (NIPRNET). The purloined information can range from personal data to other material that, while unclassified, still could be useful to an adversary in time of conflict. When conflict erupts, an adversary can be expected to use that information along with other techniques to attack
For information operations, computer network operations is a high priority to STRATCOM, as is electronic warfare (EW). Gen. Chilton relates that the command has just completed a capabilities analysis to assess EW capability shortfalls and identify areas for improvement and investment. That study already is having an effect on investments being pushed forward by the Defense Department in the program objective memorandum, the general notes.
STRATCOM also is active in EW through its work with the electromagnetic spectrum. The command is involved in decisions regarding military spectrum reallocation or sale, and the command focuses on military concerns in that arena, the general says.
The command also supports operational security (OPSEC) inspections on request. Any
Gen. Chilton describes culture, conduct and capability as “the three Cs” of effective cyberspace security. They must be addressed simultaneously, he adds.
The cultural changes necessary to secure cyberspace draw from the introduction of the personal computer into widespread usage. Originally, personal computers and their office equivalents were mostly tools of convenience. When problems arose, a quick call to the information technologist solved the issue. As their acceptance grew, so did their importance, especially for the military. Computers evolved from convenience to necessity, but users often continue to treat the machines and their networks as conveniences. That is the culture that must change, Gen. Chilton says.
“Unless you make that cultural shift in the way you look at your networks, you’ll never treat them in the appropriate fashion that is required to make sure they’re defended and operated appropriately,” he declares.
Conduct involves training, and the military is increasing its focus on how it is training people to behave on the networks. This includes the best practices for security when logged into a government network. Another part of this effort entails inspecting for compliance. People trained for network security must undergo inspection on the job to ensure that they are taking the necessary steps.
Ultimately, the commander of a base, camp, station or ship is responsible for ensuring that the computers are safe, secure and ready to operate, Gen. Chilton states. “Commanders need to be asking for the readiness of their networks, just like they would ask for the readiness of their aircraft or their ships, when they think about military operations,” he asserts.
Technical capabilities are essential for securing a network, and they must be fielded effectively. The general notes that these capabilities may include firewalls, sensors and even a host-based security system, which can provide vital network information. It can generate knowledge on network configurations and traffic, and it can determine the presence and effectiveness of antivirus software while facilitating its distribution.
The military services have undertaken recent steps to solidify their cybersecurity efforts. The U.S. Air Force has established the 24th Air Force under its Space Command, and the U.S. Navy has stood up its Fleet Cyber Command/10th Fleet. These organizations meet one of Gen. Chilton’s wishes that he expressed a year ago, when he called for the services to organize, train and equip units to support STRATCOM’s mission areas in cyberspace.
These service groups are focusing on supporting STRATCOM operations in cyberspace, including training and building expertise, the general notes. The cyber organizations are providing career tracks for critically needed cyber professionals in a dedicated construct. This should ensure a steady flow of constantly improving expertise along with the equipment required for STRATCOM to carry out its mission. “We’ll have the tools, the people and the equipment to do our job—and one of our major shortfalls has been in people,” he says.
WEB RESOURCES
U.S. Air Force 24th Air Force: www.24af.af.mil
Space Vulnerabilities Mirror Cyberspace
Just as cyberspace has evolved from a convenience to a necessity, so has outer space. And, as with cyberspace, outer space now is a contested venue (SIGNAL Magazine, June 2009). Gen. Kevin Chilton, USAF, commander of the U.S. Strategic Command (STRATCOM) and a former astronaut who flew on three space shuttle missions, points out that space is essential both to military operations and to the
“I worry about threats to our ground stations, threats to our launch infrastructure, electromagnetic threats—jamming—that could impact our ability to command and control those satellites or to receive the information that we get from those satellites, whether that is precision navigation and timing from GPS [Global Positioning System] or communications links to our global satellite relay system,” he states. “So, it’s not only just making sure the satellite flies correctly and does what it’s ordered to do, it also is the function of it.”
And, of course, the threat of physical interruptions of satellites is always present. These could take the form of an interception by an antisatellite weapon, such as a kinetic kill vehicle that would destroy the satellite, or a laser beam that could blind a remote-sensing orbiter’s electro-optic system.
With the Obama administration removing NASA from the manned spaceflight business in favor of private industry initiatives, the ability of