Systems for Cyber Control
.jpg)
As it works to make cyberspace an effective
warfighting domain, the Air Force is developing
the basic infrastructure capabilities needed
to execute the new command’s mission.
The Air Forces Cyber Control Systems (CCS) program, one of the first pieces of that infrastructure, is currently in the early stages of a contract competition. The mission of the program is to provide command and control of infrastructure and systems, situational awareness (SA) of what is happening in the networks, and the ability to respond proactively and even undertake automated predictive actions in anticipation of developing threats.
An informational tool rather than an offensive system, CCS is one element in the Air Force’s vision of achieving dominance in the cyber-domain by identifying threats and the information with which to decide how to engage them—electronically or kinetically.
“The CCS is designed to provide a better situational awareness picture from available sources, and in that regard doesn’t protect better or differently, but enables commanders to make better decisions about the protection of the network more quickly,” explained Vince Ross of the Electronic Systems Center (ESC), the program manager for CCS.
“The CCS is designed to provide SA and C2 for the Air Force-Global Information Grid (AF-GIG) for the AFNetOps commander and his forces. It will integrate with various systems, including Theater Battle Management Core Systems (TBMCS) and Information Operations Planning Capability-Joint,” he said.
TBMCS “is a likely system for CCS to interface with, but that interface hasn’t been completely defined,” Ross said, noting that the CCS program is still in its infancy.
“Our requirements are similar to the other services and relate to managing our portion of the DoD GIG,” he explained. “Again, we must first establish an integrated situational awareness of activities on the AF-GIG, so we can effectively and efficiently command and control the AF provisioned portion of the DoD GIG. CCS will enable us to establish freedom of maneuver in cyberspace, our newest domain.”
CCS Spiral 1 is meant to provide an initial operational capability and provide a foundation for future capabilities that can be added in future spirals. The Air Force has allocated $7 million this year, enough to get the initial spiral ready for testing in September—six months after the planned request for proposals (RFP) is issued. In fiscal 2009, officials plan to add a further $20 million to bring further spirals online.
The ability to deliver this will however depend on a number of variables, Ross commented. “The scope will be the critical factor [in meeting the schedule]. Initial feedback from industry has been positive.”
An industry day was held late January to familiarize potential bidders with the systems requirement document outlining the Air Force’s aspirations in more detail. The RFP was scheduled to be issued in March.
Some elements of the architecture and scope are more firmly established. One is the broad physical reach of CCS, which will be fielded at various levels, Ross explained. “The current concept of operations calls for a main operating location, along with requisite backup, and hubs architected to provide Web-based access for users globally.”
The unit leading CCS at this time, the ESC’s 753rd Electronic Systems Group, has previously participated in a number of experiments such as the Coalition Warrior Interoperability Demonstration and Joint Expeditionary Force Experiment (JEFX). “A wide variety of lessons learned are recorded from our JEFXs and will be incorporated into the CCS,” Ross said.
Following are interviews with three companies that have expressed interest in development of CCS.
Security Engineering
ITT’s Advanced Engineering and Sciences division, located in Rome, N.Y., is leading the company’s work on CCS. Largely formed by the acquisition of Dolphin Technology last year, the division focuses on security engineering and the development of cross domain information-sharing solutions.
The division’s strength is “the ability to rapidly exchange diverse information between networks operating at different security classification levels, getting information out of Top Secret environments, right down to lower security levels or perhaps to coalition partners,” said Scott Patrick, director of business development. “We know what it takes to design, develop, test and certify these solutions in accordance with stringent government requirements and foster them through the accreditation process for operational use in multiple security domains.”
ITT undertakes considerable cyber-security research work sponsored by the Air Force, which operates the Air Force Research Laboratory Information Directorate, also located in Rome. “We have a very strong R&D portfolio that could begin to meet and address the Air Force’s cyber-requirements, which are beginning to manifest themselves in efforts like CCS. ITT has interest in that and we are right now contemplating either a prime role or participating in a team to bring our capabilities to the fight.”
Patrick cites the company’s role as developer of the Information Server Support Environment (ISSE) Guard, in service at over 200 operational sites within the Department of Defense and developed with the AFRL-Rome Information Directorate and Defense Intelligence Agency (DIA), as evidence of their cross-domain capability. ISSE Guard brings together multiple networks operating at different security classification levels. ITT provides the interface and all the security associated with lashing these different networks up.
“ISSE Guard is above and beyond a firewall, because we are protecting and assuring highly sensitive, highly classified information and networks,” Patrick said. “If it’s a fixed format type of information—a formatted message or something that is structured—we have developed filters so that transfer takes place automatically. If it’s unstructured data—imagery, PowerPoint or some other file type that is not very structured—then we implement tools that give analysts the ability to rapidly review that data and assess it to make sure there’s nothing classified in there.”
There is currently no tactical/light implementation of ISSE Guard for use on the battlefield. But AFRL and ITT are jointly developing this capability, in an effort that began in 2007.
ITT also develops standalone cross-domain services—better tools for reliable human review—that can be used with other cross-domain solutions. One example is PuriFile, development of which was co-sponsored by AFRL, DIA, the National Security Agency and ITT. “This allows an individual to look at a Microsoft Office product and determine whether there is any hidden data, such as white-on-white text or a cropped image an embedded file, so that before they press the send button, they have some assurance regarding what is contained in that file,” said Jack LoSecco, director of the Cyber Assurance Department at ITT.
ITT is in the final stages of a 5,000-seat license agreement with DIA, and it is in use elsewhere within the DoD.
Phil Zaleski, customer solutions manager at ITT, pointed to a range of R&D projects undertaken by ITT for the Air Force that are similar to CCS. “We started our history of support with a program called Extensible Program for Intrusion Control (EPIC) as a security management system for the defensive cyber side. Our support then transitioned to EPIC2 (Command and Control). Our successes with EPIC and EPIC2 paved the way for our involvement in the Automated Intrusion Detection Environment (AIDE) ACTD, the Air Force’s first shot at a fully deployable security management system.
“AIDE was transitioned by the Defense Information Systems Agency to a number of different agencies, including Joint Forces Command, and from there the technology has been rolled out into different programs,” Zaleski continued. “Other programs of record are the Air Force Enterprise Defense and Network Defense Common Operational Picture, which we believe have the core capabilities that Cyber Command is going to be looking for. These capabilities include but are not limited to cyber-situational awareness and mission impact assessment. A lot of the work we do is focused on transitioning technologies that have been developed with research dollars and getting them out to the warfighter.”
A new cyber-initiative that the Air Force began ground floor research on 18 months ago, and that ITT is providing support to is, the description and initial architecture for Cybercraft. “This is a next generation weapon systems for the Air Force which can work in cyber-space, primarily on a defensive perspective, that can sense, detect and begin to implement defensive postures in the cyber-domain,” said Patrick.
Efforts like Cybercraft “are an example of how ITT works with their Adaptive Mission Security at the Edge Alliance partners to provide our customers with the very best cyber-security research and solutions,” Zaleski said, noting that the alliance can be reached at www.amse-alliance.com.
ITT products are also used to support the automated high speed transfer of fixed format message traffic between security domain in programs, LoSecco said, including the Mobile User Objective System and Integrated Broadcast Service milsatcom programs, the Air Forces Distributed Common Ground Systems and work on Multiple Moving Target Tracking, after being competitively selected by the primes.
Beyond the defense world, LoSecco said, “We found an immediate need for our information-sharing solutions and capabilities at the Department of Homeland Security. As they started to reach out to other departments and agencies, all these other agencies have their own security rules and they clearly need a cross-domain capability that allows them to reach into other organizations and exchange data with them and do it in secure fashion.”
Sustaining Operations
“The government is still wrestling with exactly what the Air Force needs in the CCS,” explained Bruce Bohn, Air Force account executive for Raytheon Network Centric Systems.
“Raytheon prides itself as a key partner with USAF,” Bohn said. “We understand the mission for the Air Force and many of the challenges they will face in standing up and sustaining cyber-operations. Raytheon has the capability to create a solution that provides a COTS/GOTS capability to meet CCS requirements under very tight time constraints.”
Currently, Raytheon and Lockheed Martin are building one of the key C2 suites for the Air Force’s Integrated Air Operations Center. The C2 suite is built on a solid IT foundation, and will be an important function of the CCS.
Separately from the Air Force, Raytheon has been working with a number of other government offices to provide them with similar capabilities analogous to CCS. “That is the same kind of capability that the Air Force is asking for,” Bohn said. “The IT domain is well known to us and the requirements for NetOps and CyberOps situational awareness and response is something we have been working on for a long time with different customers, not just the Air Force.”
Raytheon provides customers with an end-to-end capability to detect anomalies and understand what is happening in their networks, and whether disruptions are due to friendly, hostile or inadvertent action. “An end-to-end network and enterprise approach is important because it has been very difficult to determine what is causing a disruption of service because it may not result from any one part of the network,” Bohn explained. “Although each individual piece may be working very well there could be cumulative effects that can cause an impact to the customer.”
The information is presented to the operator in a tailorable graphic display and a usable format, so that a decision can be made quickly on implementing corrective actions. “Action can be taken on a predictive basis by applying knowledge-based rules,” he said. “If certain things happen, you might be headed for a problem, and so you might want to take certain actions immediately.”
The key to a useful capability, Bohn suggested, is to ensure that the user can easily see what’s going on and quickly and effectively respond.
“We have found by working with our customers, there are going to be multiple locations, users and echelons that need a tailored display,” he said. “Each operator has information that is of more interest to him than others. The idea is to work with the user to decide how they want their systems configured and customized to meet their specific operating requirements. It is not one solution fits all. It’s how we build a system and a capability that is a tailorable that allows you to modify and adjust easily to accommodate the specific needs of users.”
CCS’s spiral solution requires the foundation architecture for Spiral 1 to be solid. “It is very important,” said Bohn. “We think there is a way to structure and build the architecture so that it will accommodate growth and scale to meet future needs. In our input to the government we have recommended to them certain things that are appropriate to put in Spiral 1 for that reason.
“If you get the foundation and open architecture built right, although there might be some adjustments later as CCS becomes more complex, it is an architecture and configuration that can grow as requirements increase,” he added.
Integrated Design
Stan Tyliszczak, senior director of technology integration in General Dynamics Information Technology’s Chief Technology Office, outlined the company’s broad approach for CCS.
“General Dynamics is working closely with the Air Force in the design of an integrated Cyber Control System for the Department of Defense,” he said. “Our company has many years of experience and a wide range of capabilities in command and control, cyber-warfare, cyber-assurance and related mission solutions and technologies. The requirements and design of the Cyber Control System are at an early stage, and we expect the procurement will be very competitive.
“We are working across the breadth of General Dynamics to ensure that we bring together the best we have to offer to the Air Force for those requirements including network operations (AFNetOPS), infrastructure and security,” Tyliszczak continued. “This complements the Air Force’s desire for a spiral development approach for CCS, where each spiral of advanced capability may require different technical strengths.”
General Dynamics has a long-standing relationship with the Air Force as a complete IT services and network-centric systems developer and integrator employing more than 15,000 professional IT employees globally. “As one of the prime integrators supporting the Air Force, General Dynamics IT has installed the fixed and wireless IT infrastructure at the majority of Air Force bases worldwide,” Tyliszczak said. “General Dynamics provides enhanced network management and network defense across the Air Force, using a spiral development approach, which is a key underlying component for CCS.”
Tyliszczak identified AFNetOPS as the key concept around which General Dynamics IT is building its approach for CCS. “The General Dynamics IT team understands the AFNetOps construct from the routers at the bases to the future enterprise architecture, and their mission to support the top-level command and control processes and requirements of the Air Force Network Operation Center, including the CCS and other systems that will be integrated with it.”
Recognizing that full life cycle support is a key component of any operational system, Tyliszczak concluded, “We are also positioning to ensure that logistics supportability is integrated throughout the development process. General Dynamics has been providing IT logistics support across the Air Force for over 20 years.” ♦
