Saturday, September 6, 2008

Why We Need AF Cyber Command

A lot has happened since my last post. Both political conventions have come and gone, the United States and Russia have fallen into what resembles another Cold War, the economy is taking major hits across a number of fronts and Pakistan has destabilized. Yet the question remains: why do we need AF Cyber Command?

I would argue that as uncertainty increases, so does the need for Cyber Defense, and I believe that the Air Force vision for Cyber Defense is the most advanced or mature approach that we have available. There are still quite a lot of details that need to be worked out, but I think the best way to tackle those is within the context of the actual command ramp-up. No institution is perfect from day one, or otherwise completely defined across its lifespan before it begins, and with Cyber Defense the ability to evolve such an institution is actually a key attribute. Let's go over some fundamental reasons why moving forward now makes sense:
  • It will be more cost effective than the status quo. How so? Well, combining missions is always cheaper than duplicating them, and right now we have a lot of duplication to deal with.
  • It will be more accurate and efficient than the status quo. The ability to integrate the necessary data to manage situational awareness will improve as the organizations that manage that data are finally coordinated.
  • It will more than likely represent our first line of defense for future domestic threats. As the rest of the federal Cyber Defense infrastructure roles mature this may change, but as of now AF Cyber is poised to take a lead role and ensure that comprehensive Cyber Defense is in place near term.
  • It would more than likely significantly improve the quality of actionable intelligence for operational commands. Over the last several months there have been multiple incidents of civilian losses that perhaps could have been avoided. I believe that the combination of intelligence with traditional and non-traditional force projection will improve quite a bit under the aegis of AF Cyber Command.
  • It will allow for full exploitation of a much wider range of sensors now available to us (including UAVs). This sensor fusion extends beyond the normal scope of "NETOPS" but falls squarely within 'Cyber' mission parameters.
  • Most importantly, the notion of Cyber Command gives us a central integration authority which can mitigate and resolve issues related to complex system of systems integrations that have branch-wide or national implications.
In terms of the cost effectiveness related to the points above, I believe that the savings will easily extend into the billions of dollars. In terms of mission effectiveness, there is simply no way to estimate an ROI, but the value will become apparent the first time it is called into action.


copyright 2008, Semantech Inc.

Friday, August 15, 2008

AF Cyber Command Suspended

Several news outlets have reported that the massive Air Force Cyber Operations realignment has been suspended (and possibly canceled altogether).

Slashdot Story

AF Cyber Press Release

AF Cyber Command was chartered to become the Air Force's first new MAJCOM (Major Command) in quite some time. It involved the combination of more than a dozen existing units or organizations and their respective missions. The project had already fallen significantly behind schedule, and this announcement came merely 46 days before IOC.

So why did it happen? Here are my thoughts (as someone who was at least peripherally involved with the effort):

1 - The core mission was never clearly defined and agreed upon at the highest levels.

2 - The evolutionary mission was never really discussed at all (i.e. defining the next 10 to 20 year mission trajectory).

3 - As with any large piece of Federal business, this project was highly politically charged, with no fewer than 18 governors / states competing for the Headquarters location.

4 - Combining the near-term missions of the existing organizations (and more to the point, de-conflicting them) has proven fairly difficult.

5 - There is still lingering fallout from the earlier problems this summer resulting from the resignation of the previous Secretary of the AF.

Was the AF Cyber Command concept a mistake? I don't think so, and many other DoD branches and Federal agencies are still following similar mission paths. I do believe, though, that any such organization really, really needs to have strong doctrinal support before launching operations. I believe the AF still has time to resolve that and launch AF Cyber, or something similar, early next year.

In my following post, I'm going to lay out a case for why we still need an AF Cyber Command.


Copyright 2008, Semantech Inc.

Sunday, March 23, 2008

Actionable Intelligence and C2

Actionable Intelligence is more than data. Today’s commanders often have more data than they can handle and that situation is going to scale exponentially as more aspects of operational management are automated. In the relatively near future, nearly every element of the battlefield will be electronically connected to local, theater or global level command centers. How then do we architect tomorrow’s command center to manage this ever increasing quantity of information while simultaneously improving data quality? It is even more challenging if we consider that many of the various components that comprise this emerging picture are developing in isolation from one another.

Intelligence is only valuable if it provides useful information. The value of Intelligence is directly proportional to its relevance, its accuracy and its timeliness. Intelligence cannot, then, be a random aggregation of data; it must instead consist of validated and "architected" information. The challenge for the C2 community today is to define an architecture that creates 'Actionable Information' on a consistent and predictable basis. The notion of Net Centricity is in many ways a reflection of this basic requirement or challenge. Others have referred to this scenario as "Data Transparency." Whatever it is called, the challenge remains the same: in order to win the battles and conflicts of tomorrow, we must be able to provide the right people with the right information at the right time.

Command and Control (C2) systems have historically been reliant on both Decision Support and Common Operating Picture architectures. While the need for this type of capability is obvious, the ability to deliver it according to community expectations has been limited up to now by a variety of technical constraints. Those constraints include but are not limited to:

  • Management and interdependency of dozens or hundreds of interfaces
  • Static information models
  • Inability to access the systems on the battlefield (or near it)
  • Lack of correlation with other data sources (e.g. RF, which was previously not digitized)
  • Poor understanding or coordination of cross domain processes
Copyright 2008, Semantech Inc.

Friday, March 21, 2008

Anatomy of an Intrusion Detection System - part 1

When people hear the term "Cyber" the activity that most of us think of is security - even more specifically, the image we conjure up is usually of the lonely hacker/cracker engaged in a network attack on the Pentagon. It has become nothing less than a cultural cliche.

But behind every cliche there is an element of truth: Cyber security is still the primary activity that any Cyber organization is going to have to contend with. Much of this activity revolves around Intrusion Detection. Intrusion Detection means simply the ability to determine whether your networks, your systems, or both have been penetrated and/or compromised in some fashion. Keep in mind that not all intrusions result in damage or information theft, but those are the outcomes that we are disproportionately concerned about.

Intrusion Detection systems first became prevalent in the mid to late 1990's. While their function is often embedded in or integrated with firewall technology, the mission of the Intrusion Detection system has always been a bit more refined than that. The key to understanding the nature of and requirement for Intrusion Detection is deeply rooted in the specific technologies we use every day to pass data and to run our systems. It is also partially the result of a massive trend towards standardization which became operationalized for the first time during the 1990's.

That standardization made it easier for the hacking community to focus on a wider range of targets, because those targets depended on the same standardized operating systems and protocols. The same technology also opened the door for collaboration within that community, pooling limited resources for problem-solving on a global scale. These were profound developments, and ones that the Cyber community has yet to effectively respond to.
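The standardization the post describes is exactly what makes signature-based detection possible: because so many targets run the same protocols and the same stacks, the same attack strings recur and can be matched. The following is an added example, not code from the original page or from any Air Force or vendor system, showing the skeleton of a host- or network-side detector: parse events, normalize them, match known-bad signatures, and apply a simple threshold rule for behaviour no single line reveals (repeated failed logins). The log format, the signatures, the threshold and the sample lines are all constructed for illustration.

```python
"""Minimal signature-plus-threshold intrusion detector over constructed log lines.

Added example for this post. The log format (source IP, method, path, status),
the signatures and the brute-force threshold are assumptions made for
illustration, not an existing tool's rule set.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample: ordinary web requests mixed with a few suspicious events.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /images/logo.png 200
198.51.100.7 GET /login.php 401
198.51.100.7 GET /login.php 401
198.51.100.7 GET /login.php 401
198.51.100.7 GET /login.php 401
198.51.100.7 GET /login.php 401
203.0.113.9 GET /cgi-bin/../../../etc/passwd 404
10.0.0.8 GET /search?q=1%27%20OR%201%3D1-- 200
10.0.0.5 GET /about.html 200
"""

# One event per line: <source> <method> <path> <status>
LINE_RE = re.compile(r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature rules applied to the *decoded* request path. Decoding first means an
# attacker cannot evade the rule simply by percent-encoding the payload.
SIGNATURES = [
    ("directory_traversal", re.compile(r"\.\./")),
    ("sql_injection", re.compile(r"'\s*OR\s+", re.IGNORECASE)),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    detail: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["path"] = unquote(ev["path"])  # normalize before matching
    return ev


def detect(log_text, failed_login_threshold=5):
    """Return the alerts raised over the given log text, in the order they fire."""
    alerts = []
    failed_logins = Counter()  # source IP -> count of 401s on the login page
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable lines are skipped, not treated as attacks

        # Signature rules: fire on the request itself, regardless of outcome.
        # The traversal attempt below got a 404, i.e. it did no damage, but the
        # post's point stands: an intrusion attempt is still worth knowing about.
        for name, pattern in SIGNATURES:
            if pattern.search(ev["path"]):
                alerts.append(Alert(name, ev["src"], ev["path"]))

        # Threshold rule: no single failed login is interesting, a streak is.
        if ev["path"].startswith("/login") and ev["status"] == 401:
            failed_logins[ev["src"]] += 1
            if failed_logins[ev["src"]] == failed_login_threshold:
                alerts.append(Alert("brute_force", ev["src"],
                                    f"{failed_login_threshold} failed logins"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.rule:20s} src={alert.src:14s} {alert.detail}")
```

Run against the constructed sample this raises three alerts: a brute-force alert for 198.51.100.7 on its fifth 401, a traversal alert for 203.0.113.9, and an SQL injection alert for 10.0.0.8. The two rule types illustrate the two halves of the problem the post is pointing at: signatures catch what is already known and reproducible across standardized stacks, while threshold or anomaly rules are what is left for the attacks that have no signature yet, and they are also where the false positives come from, so the threshold should be tuned against your own baseline rather than copied from an example.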

Copyright 2008, Semantech Inc.

Monday, March 17, 2008

Cyber Enclaves

A key consideration in relating Cyber Doctrine to Design is the realization that the cycle of consolidation and distribution is not likely to end. At least twice over the past twenty years, the IT industry (and the DoD along with it) has gone through massive transformations based upon the alternating desire to either consolidate or open its architecture. The reason this has happened is that new technology tends to be disruptive in nature and is often first applied from the fringes rather than the center; once the larger organization becomes dependent on the technology adopted at the fringes, it must tolerate the distributed management that came along with it.

Perhaps the most pragmatic way to deal with this is to recognize that this process will always be present in some form, and thus to configure enterprise management in a way that allows for both rapid adoption of new disruptive technologies and unified management of core IT capabilities. If this were to be adopted, it would likely occur through the use of "enclaves."

So what is an enclave? It can be either the data center or an island within it, but the assumption is that it is one of several (not too many) and that it represents a functional or geographic subdivision, or both. The exact ratio or number of enclaves would depend on the nature of the organization, and getting the ratio right is very important. Consolidating too much will increase pressure on the fringes to deploy their own capabilities, which would then lead to later massive "re-integrations", a costly exercise.



Copyright 2008, Semantech Inc.

Saturday, March 15, 2008

What is NECC ?

The acronym NECC stands for "Net-enabled Command Capability." This project has been on the drawing boards since about 2005. It represents the next generation infrastructure solution for Joint management of Command and Control (C2) IT infrastructures. It lives or will live on the SIPRnet and it is entirely dependent on the core Netcentric architecture being developed for NCES (the NIPRnet counterpart for NECC).

Both NECC and NCES are loosely based upon the set of guidance begun around 2003 to define what is or isn't "Netcentric" warfare. This was all updated recently (last year) and is covered in the following Services Strategy memorandum. Some years back, OSD NII and others helped to build the NCOW Reference Model to illustrate the concepts from the original 2003 guidance, but the advent or infusion of SOA technology has forced some changes on the original expectations.

The following diagram presents a high level representation of the relationship between the emerging NECC and NCES architectures:



Copyright 2008, Semantech Inc.

Thursday, March 13, 2008

What is NETOPs ?

The simple answer is that this refers to Network Operations, but I've found that there are some interesting variations on this and some counter-intuitive aspects to the definition. This is important to the realm of Cyber-defense as Network Operations is where Cyber started and what many still think Cyber is limited to.

It tends to include the following categories:
  • Situation(al) Awareness
  • Information Sharing
  • Distributed Network management & control
There are several distinct architectures for NETOPs across the different branches of the Department of Defense. In the Army, we have the AENIA (Army Enterprise NetOps Integrated Architecture); in the USAF we have the Constellationnet. While there is a Joint NetOps architecture managed by DISA, it doesn't necessarily map to what's being developed in coordination with DISA's support for deployment of Netcentric infrastructures (NCES, NECC).

Some of the other branches of the DoD & DHS still utilize C4ISR to capture their NETOPs environments and many have also begun to merge these architectures with ITIL-based data center deployments.

As you've probably noticed, this topic can become complicated very quickly and tends to get overpopulated with obscure acronyms. As we progress on the Cyber Defense Blog I will eventually get a chance to define all of these properly. The main idea today though is that the nature of what is considered to be network operations is somewhat nebulous and is still evolving.

If one considers that the data center houses the application hosting environment, how effectively can we functionally separate these entities, and where does that separation happen? Is the SOA stack part of the NETOPs or part of the application architecture?

more to come...

Copyright 2008, Semantech Inc.

Monday, March 10, 2008

The 3 Principles of Cyber Defense

It is important with doctrine to have a foundation based upon several core principles; Cyber Defense is no exception to this rule.

  • Cyberspace is unique and ubiquitous; it is both its own domain as well as a dimension within all other domains.
  • As we progress, the boundaries between cyber-operations and conventional operations will blur. Understanding that merger of capabilities and the planning for it is perhaps the greatest challenge for Cyber Defense.
  • Cyberspace represents a single point of failure. It provides asymmetrical opponents the opportunity to disrupt and defeat a vastly superior force.

Copyright 2008, Semantech Inc.


Sunday, March 9, 2008

Introduction to AF Cyber Command

As noted in our introduction, we will be taking a close look at the new organizations charged with managing Cyber Defense and Security; we'll start today with a presentation on AF Cyber Command (The USAF's newest Major Command or MAJCOM):


Introduction to Cyber Defense

Hello and welcome to the Cyber Defense Blog. As you might have guessed, our Blog is dedicated to covering issues on both Cyber Security and Cyber Warfare with a special emphasis on Doctrine and Architecture. While there is a certain Defense community bias in some of these perspectives, the Cyber Defense Blog in fact does represent both commercial and military concerns.

There has been much attention of late regarding the new DoD organizations created to manage Cyber issues, as well as even more spectacular breaches in corporate Cyber security. We will try to introduce issues and concepts in context with these recent developments.

Thanks for stopping by and we hope you enjoy this Blog...