The United States military is heavily dependent on networked communication to fulfill its missions. The wide-area network (WAN) infrastructure that supports this communication is vulnerable to a wide range of failures and cyber attacks that can severely impair connectivity and mission effectiveness at critical junctures. Examples include inadvertent or malicious misconfiguration of network devices, hardware and software failures, extended delays in Internet Protocol (IP) route convergence, denial of service (DoS) flooding attacks, and a variety of control-plane and data-plane attacks resulting from malicious code embedded within network devices.
Defense Information Systems Agency’s 2014 — 2019 Strategic Plan has set a strategic goal to evolve the Joint Information Environment. It involves evolving a consolidated, collaborative, and secure joint information environment, enabling end-to-end information sharing and interdependent enterprise services across the Department that are seamless, interoperable, efficient, and responsive to joint and coalition Warfighter requirements. It shall be achieved by Normalizing Networks with common standards with the intent to eliminate excess redundancy and legacy non- Internet Protocol (IP) services to create a unified capabilities, everything over IP meshed transport infrastructure.
DARPA launched the EDICT program with aim to bolster the resilience of communication over IP networks against both cyberattacks and common network errors by adding new capabilities to the communications devices at the edges of the network, rather than to the network itself.
Military moving to all IP-based Networks
IP-based networks have the ability to transport voice, data, and video and wide variety of applications over a unified network, solve the problem of incompatible radio communications, and promote collaboration between military personnel, joint forces, coalition partners, and even civilian agencies for disaster relief. Packet-switching IP network is also designed to provide greater resilience and survivability by retransmitting and rerouting packets around any broken segments.
Defense Information Systems Agency (DISA), have recently implemented Global Video Teleconferencing Solution (GVS), an IP-based solution that delivers advanced capabilities – such as multipoint video collaboration and information sharing.
Finally, the GVS will help DISA and the DoD meet one of the core initiatives in its current strategic plan – increasing the use of unified capabilities. The IP infrastructure inherent in the GVS will allow the delivery of video collaboration out further to the edge by allowing warfighters, military decision makers in the field and military employees across the globe to access HD video collaboration from many smartphones, tablets and other mobile devices.
Threats to IP based Military WANs
Military and intelligence networks run on physical infrastructure consisting of landline, mobile, radio and satellite communication links. Most of these communication links are not connected to the public internet, because radio and satellite transmissions can easily be intercepted by foreign countries.
The security of these networks is assured by encryption implemented by very strong and classified encryption algorithms. On most networks this is implemented by in-line network encryptors. The strong link encryption is supplemented by strict physical and digital security measures at the end points or computer terminals (where data are processed before they are encrypted) in order to prevent any kind of eavesdropping or interception by foreign adversaries.
Unfortunately, the wide-area network (WAN) infrastructure that supports this communication is vulnerable to a wide range of failures and cyber-attacks that can severely impair connectivity and mission effectiveness at critical junctures.
Examples include inadvertent or malicious misconfiguration of network devices, hardware and software failures, sabotage, extended delays in Internet Protocol (IP) route convergence, denial of service (DoS) flooding attacks, and a variety of control-plane and data-plane attacks resulting from malicious code embedded within network devices.
Rapid recovery from such events is critical for ensuring mission success. In the current art, however, recovery can take anywhere from tens of minutes to several hours or more, depending on the nature of the event(s). Outage durations of this magnitude stand in stark contrast to missions’ tolerance for loss of communication, which is usually minutes or less – a disparity of two to three orders of magnitude.
The networking research community has invested heavily in hardening network infrastructure to mitigate or prevent network events. Proposed methods include a variety of network-based DoS detection techniques, Byzantine fault tolerance algorithms, trust-based routing methodologies, algorithms for discovering configuration errors, and a variety of fast fail-over mechanisms, among many others.
Unfortunately, the specter of human error, malicious insider actions, increasingly sophisticated cyber-attacks against network infrastructure, and high WAN complexity (which in turns creates complex failure modes) still constitutes a grave threat to mission communication. A closely related problem is that during periods of degraded or denied communication, users may have no cyber situational awareness concerning the nature or extent of the problem, including the knowledge of which users have been affected and what networking capabilities remain available.
In military networks, the common use of in-line encryption devices at the boundaries between user enclaves and the WAN leaves users with no direct visibility into, or control over, WAN infrastructure. This lack of information impedes mission commanders’ ability to assess the impact of network events on the mission, and to adapt mission plans.
DARPA’s Edge-Directed Cyber Technologies for Reliable Mission program
Therefore, new approaches to providing reliable communication are needed. The objective of the EDICT program is to bolster the resilience of communication over IP networks against both cyberattacks and common network errors by adding new capabilities to the communications devices at the edges of the network, rather than to the network itself.
“Recovering from network attacks or working around misconfigurations can disrupt traffic for hours,” said Greg Lauer, EdgeCT principal investigator at Raytheon BBN. “Our aim on the EdgeCT program is to minimize that disruption to minutes or less. Our approach does not require control or direct observation of the wide area network and so it can be easily deployed in end user enclaves.”
It is envisioned that systems developed within this program will combine real time network analytics, holistic decision systems, and dynamically configurable protocol stacks to mitigate WAN failures and attacks on the fly, in a mission-aware fashion. Protocols in scope for this program include those at the network, transport, and application layers of the five-layer protocol reference mode.
Big data analytics has the ability to gather massive amounts of digital information to analyze visualize and draw insights that can make it possible to predict and stop cyber-attacks. Research firm Gartner said that big data analytics will play a crucial role in detecting crime and security infractions. By 2016, more than 25 percent of global firms will adopt big data analytics for at least one security and fraud detection use case, up from current eight percent.
It is envisioned that EdgeCT systems will mitigate WAN failures and attacks on the fly, in a mission-aware fashion, by incorporating the following three technical components:
- Real-time network analytics that extract useful information about WAN characteristics and events from enclave-based observation of packet flows into and out of the WAN.
- Holistic decision systems that use knowledge gained from real-time network analytics, as well as configurable information concerning mission plans (including tasks, priorities and deadlines, if applicable) to determine actions that mitigate network events, in a fashion that best serves the mission as a whole.
- Dynamically configurable protocol stacks that implement these decisions by modifying the manner in which information is handled at the network, transport and application layers of the five-layer protocol stack model of Internet operation.
EdgeCT systems and all of their functionality will be positioned solely within (cleartext) enclaves fronted by one or more in-line military encryption devices. These systems will have no ability to communicate directly with the WAN control or management planes or with the WAN administrator, and will have no knowledge of WAN architecture except for what EdgeCT systems can infer from edge-based observation of packet flows into and out of the WAN.
EdgeCT system designs cannot require any changes to the WAN or to the encryption boundaries. Deployed EdgeCT systems may ultimately have to recognize and support robust communication for a variety of user applications including real-time streaming video, real-time audio, file transfer and situational awareness, among others.
DARPA awards Raytheon BBN technologies $12.2M to optimize information flow in military networks
The Defense Advanced Research Projects Agency (DARPA) recently awarded Raytheon BBN Technologies $12.2 million under the Edge-Directed Cyber Technologies for Reliable Mission Communication (EdgeCT) program to research optimized information flow for military operations over wide area networks.
DARPA awarded a Raytheon BBN-led team a contract to develop an overlay network, interconnecting users through secure connections. Through these connections, software could continuously monitor events in the larger network and their effect on traffic flow, Raytheon officials said. The overlay network also could exchange information about network conditions and then dynamically configure the way the network handles application traffic to maximize performance.
MIT’s Distributed Enclave Defense Using Configurable Edges (DEDUCE)
Applied Communication Sciences (ACS) and its partners Apogee Research, MIT, University of Pennsylvania, and Texas A&M University propose to develop Distributed Enclave Defense Using Configurable Edges” (DEDUCE). DEDUCE is a bold new architectural approach to edge-directed network adaptation that incorporates novel approaches to sensing, actuation, and control, creating a robust and scalable system that exceeds EdgeCT goals and evolves in response to changes in the network.
Dr. Nick Duffield, a professor in the Department of Electrical and Computer Engineering at Texas A&M University, is part of the group. Duffield’s involvement in the project stems from his research in Network Tomography, in which end–to-end performance measurements between network edges can be correlated to identify common origins of performance degradation. In DEDUCE, this information will be used to inform strategies for alternate routing on an overlay network between enclaves.
DEDUCE’s Real-Time Network Analytics (RTNA) process observations from user application packets traveling to and from edge enclaves to infer WAN characteristics needed for high-quality decision making, such as differentiating between congestion and non-congestion packet loss.
DEDUCE’s Holistic Decision Systems (HDS) balance the often-opposing goals of Cumulative Network Utility (CNU) maximization and individual task utility.
Simultaneously, DEDUCE employs tight-loop runtime control and observation to react and adapt flow treatments quickly in response to network events.
DEDUCE’s dynamically-configurable protocol stacks employ several actuators designed to mitigate the effects of network events while simultaneously scaling to support large-scale DoD networks.