Technology at the Heart of Army Defensive Cyber Improvements
New technologies are fueling U.S. Army cyber operations as the force girds for more diverse challenges in the operational environment. This thrust entails incorporating innovative capabilities while improving existing systems with new approaches, such as moving to the cloud.
The defensive effort was outlined by a group of experts on the second day of the three-day AFCEA Belvoir Industry Days conference at the Gaylord National Resort & Convention Center, National Harbor, Maryland, November 3-5, 2021. A panel of military and civilian leaders described how these improvements are being incorporated atop existing systems to ensure continued effectiveness in the field.
The tip of the spear for defensive Army cyber technology is Cyber Analytics and Detection, or CAD. Lt. Col. Dakota Steedsman, USA, product manager, CAD, said the base platform for CAD is the Army’s big data platform, Gabriel Nimbus, which ingests raw data for enrichment and stores it for analysis. It is operational on unclassified and Secret networks, and it will be operationalized onto the Top Secret network, Col. Steedsman stated. This effort will increase storage size, add new data feeds and incorporate special apps and tools.
One item moving into the cloud is the Army’s User Activity Monitoring, or UAM. Col. Steedsman explained that it addresses the insider threat by allowing an analyst to identify high-risk user activity by various triggers in near real time across the Army’s networks. This will help take advantage of all the tools, applications and data streams housed within Gabriel Nimbus, he allowed.
One new product that the Army hopes to start fielding soon is Threat Emulation. It will allow the community to emulate adversarial capabilities on their own network, the colonel explained. This should unveil vulnerabilities before a real-world attack. The Threat Emulation team just finished a successful operational assessment, and they are preparing to field the capability over the next few months, he reported.
Lt. Col. Bradley Son, USA, product manager, Cyber Platforms and Systems (CPS), noted that the Army is looking to field the next generation of its Deployable Defensive Cyberspace Operations Systems–Modular (DDS-M) in fiscal year 2023. These systems are configurable hardware kits fielded to cyber protection teams at home and abroad, and the Army is working on their new requirements.
The Garrison Defensive Cyberspace Operations Platform, or GDP, also is moving to the cloud. Col. Son said that this system, which can ingest data at a high rate of speed, began as a hardware-centric solution but evolved to a software-based capability. Version 3 is undergoing fielding, while version 4 should arrive next year. The fifth version would feature the cloud solution, and it also is earmarked for no later than fiscal year 2023.
And at the heart of defensive cyber operations is more data, Col. Steedsman noted. “More data, more touchpoints, the better picture we can paint of the cyber battlefield with that extra data being brought in.”