Secure networks are vital to U.S. military operations at all levels and are a source of tactical, operational and strategic advantages. They provide the capability to acquire, move and process massive amounts of information, make decisions rapidly and command distributed forces on an unparalleled scale.
However, networks within the United States and abroad face increasingly broad-spectrum cyber threats from numerous actors and novel attack vectors. DoD networks are under continuous attack, 250,000 a day by some estimates, from sources ranging from curious teens to the advanced persistent threat and malicious insiders.
The DoD is threatened not only by attacks on its own networks but also by those against government agencies with which the Pentagon works, the private sector companies on which it depends for a vast array of goods and services, and portions of the nation’s critical infrastructure on which it is dependent. Malicious activity also crosscuts organizational boundaries, as nefarious actors use networks with less protection to pivot into networks containing key assets.
The U.S. Army’s “Shaping the Army Network: 2025-2040” lays out a vision for an effective, modern enterprise network that will let soldiers fight in joint, interagency and multinational environments. That vision identifies five areas where the service needs leap-ahead technologies and network capabilities: dynamic transport, computing and edge sensors; data to decisive action; human cognitive enhancement; robotics and autonomous operations; and cybersecurity and resiliency. There is no value to investing in the best network technologies if they are vulnerable to attack. Success in future conflicts will go to the side best able to defend its networks from penetration, exploitation and attack.
In order to exploit the advantages inherent in a networked force more effectively, efficiently and securely, the Department of Defense (DoD) is beginning to change the way it organizes and manages its networks. The Pentagon is building the Joint Information Environment (JIE), a single joint enterprise IT platform that can be leveraged for all DoD missions. It is designed to provide greater standardization, economies of scale, end-to-end visibility and a new, single security architecture. The JIE envisions a single security architecture that will provide the organizational backbone, operational coherence, end-to-end situational awareness (SA) and rapid response needed to provide cyber security for the massive and growing IT environment.
Enterprise-sized networks like JIE present challenges in terms of their size and distributed structure. What makes it even more challenging is not knowing where, when, and how enterprise network attacks will occur and what kind of tactics attackers are using. The Common Vulnerabilities and Exposures system, which tracks cyber security vulnerabilities, records about 7,000 new exploits annually. However, in 2017 that number jumped to more than 14,000, Roberts noted.
Detection of these threats requires adjustments to network and host sensors at machine speed. Additionally, the data required to detect these threats may be distributed across devices and networks. In all of these cases, the threat actors are using technology to perpetrate their attacks and hide their activities and movement, both physical and virtual, inside DoD, commercial, and Internet Access Provider (IAP) networks. Today’s state-of-the-art commercial tools do not directly address the scale and speed needed to provide the best defence for multiple networks, according to the US Defense Advanced Research Projects Agency (DARPA). DARPA is seeking to improve how enterprise networks can rapidly detect and defend against cyber attacks.
The program, called Cyber Hunting at Scale (CHASE), uses computer automation, advanced algorithms and a new caliber of processing speed to track large volumes of data in real time, enabling human cyber hunters to find advanced attacks otherwise hidden or buried within massive amounts of incoming data. Working in tandem with DARPA, a BAE Systems scientist says the potential promise of these advanced techniques is quite significant, because there is often simply not enough storage and memory to monitor everything, and nearly 80 percent of traffic data goes undetected in large enterprise networks.
“Cyber hunt teams are currently massively overburdened and can only look at a small percentage of data collected using filters. Advanced adversaries take advantage of this,” Sam Hamilton, BAE Systems Chief Scientist, told Warrior Maven in an interview earlier this year. “Sophisticated adversaries understand today’s cyber defense chain very well and are building things to defeat it.”
Hamilton further specified that increasingly sophisticated adversaries are developing methods of hiding attack “footprints,” or weaving them into data streams not likely to be flagged as high priority by cyber defenders. CHASE uses “adversary resistant” machine learning, developers explain; the aim of machine learning is to build automation able to organize and analyze new information by identifying patterns, placing things in context and comparing new data against very large historical databases.
The Defense Advanced Research Projects Agency is seeking tools that can coordinate cybersecurity across the large, distributed networks of the Department of Defense. The goal is to be able to build adaptive technologies that can recognise, detect, and defend enterprise networks with the same kind of speed and agility that cyber attacks have, Dr Jennifer Roberts, programme manager for DARPA’s Cyber-Hunting at Scale (CHASE) programme, told Jane’s.
The concept is to not only thwart commonly used malware, phishing and denial-of-service attacks but also defeat much more elaborate, sophisticated kinds of attacks. “An advanced piece of malware could be a program designed to hide in computer memory or on a router,” Hamilton explained.

