ARCYBER Needs Computer Architectures for Contested Environments
U.S. Army Cyber Command (ARCYBER) officials want industry to provide computing architectures that can be mathematically proven to work in contested spaces. The need is driven by the Army’s march toward zero-trust cybersecurity, but recent efforts to find mature solutions were not fruitful.
“We just wrapped up some S&T [science and technology] work where we collaborated with industry to identify some provably secure computing architectures. We’re looking for computing architectures that were formally verified using math so that we can prove that they could operate in those contested spaces,” Mark A. “Al” Mollenkopf, science advisor to the ARCYBER commanding general, said in a recent SIGNAL Media interview.
Such an architecture could provide a solid foundation for zero-trust cybersecurity capabilities, which require every network device and user to be authenticated and verified. “The driver for that effort was really to have some type of foundation for zero trust to be built on. Zero trust is a set of principles that we think the Army's going to have to have integrated in order for us to achieve our long-term objectives of security and resilience,” Mollenkopf explained.
Despite the recent S&T effort, officials may need to renew the search at a later date. “After a couple of rounds of collaboration and assessment, we ended up not really pursuing any of the proposals as they didn't really demonstrate the level of technical maturity we were looking for,” the science advisor reported. “But we think we're going to circle back to check on this particular technology, formally verified technologies, in the future to see if it's mature to the point where it can be implemented.”
Command officials are also interested in extended Berkeley Packet Filter (eBPF) technology, a Linux kernel technology that allows sandboxed programs to run inside the kernel without loading additional kernel modules or modifying the kernel source code. “The second technology area that we're going to see some legs in—and I think it's a technology area we're watching closely—is eBPF, which is extended Berkeley Packet Filter technology. If you're not familiar with eBPF, basically it's a way to execute monitoring and observability-type code and the deep kernel of systems,” Mollenkopf offered. “I look at this with a particular lens of cloud, where visibility is limited. You don't always get to see a lot what's going on in cloud, so eBPF executes in kind of an isolated sandbox way but enables visibility in the system that we can't really see very well today.”
He added that “there's a lot of momentum to leverage virtualized or containerized architectures, having a good way to get better visibility across that area is really critical for us.”
ARCYBER officials seek to innovate in a number of technical areas. “I think our pursuit of innovation in specific areas of like data analytics, software development, malware exploitation and our analysis—even forensics analysis—that's really going to significantly increase our long-term operational agility. It’s going to give us legs to help protect the Army's most critical systems,” Mollenkopf said.
Part of his mission, he indicated, is to shape the command’s S&T investments to “be as focused as possible across the spectrum of our signal, cyber and electromagnetic warfare mission space.”
“The S&T community, they've invested a lot of resources and time and PhD-level experts, so having their holistic efforts really tightly focused on our most difficult operational needs is essential to gaining and really sustaining advantage across our key areas,” he offered.
Army Cyber Command officials also have touted the benefits of artificial intelligence for continuous monitoring and suggested that artificial intelligence may help cyber defenders more than attackers.
Army leaders will share more insights on the service’s cyber, signal and electronic warfare efforts at AFCEA’s TechNet Augusta conference, Augusta, Georgia, August 14-17.