This presentation is attached to a white paper. That document is intended to provide a baseline for Project Briefs and to increase awareness of how a Cyber Warfare Simulation (CWS) should be conceived and developed.
It provides a simplified view of the different, related activities in this field and an overview of how they could be merged into a simulation engine, as well as the related requirements and possible applications for a Simulation Company.
If you are interested in receiving the white paper as well as the PPTX file, please email me with a few words.
Thanks and enjoy!
3. INTEGRAL SIMULATION CHALLENGE

HOW TO TRAIN/EVALUATE THE CHAIN OF COMMAND
NEW TRAINING FIELD AND SCENARIOS
INCREASED DECISION MAKING PROCESS SPEED
FASTER THREAT EVOLUTION VS CORPORATION RESPONSES
SOLUTIONS THRU ADAPTABILITY PROCEDURES & CONCEPTS
PURPOSE OF THE DOCUMENT

This document is intended to provide a baseline for Project Briefs and to increase awareness of how a Cyber Warfare Simulation (CWS) should be conceived and developed.

It provides a simplified view of the different, related activities in this field and an overview of how they could be merged into a simulation engine, as well as the related requirements and possible applications for a Simulation Company.
CYBERWARFARE ACTIVITIES

There are many definitions of cyber warfare, but for the purpose of this document we refer to a deliberate action carried out within the cyber domain in order to provoke, respond to, or prevent a certain damage. Consequently, we can classify those activities under the following categories.

Cyber Attack

Assuming the legal power to do so, this action is initiated with the deliberate objective of provoking electronic damage to the opponent's network and data. Actions taken in response to stolen data can also be considered within this category. It has to be planned like normal fighting, but the battle rhythm should be measured in milliseconds instead of hours.

Cyber Defence

This category covers all actions performed as a direct consequence of any attack carried out against the perimeter of the network under control. It requires deep planning in order to provide an automatic response to all known attacks and to restore the freedom to operate within one's own boundaries (at least), including data recovery if required. It could encompass the creation of so-called “sandboxes”, where the attacker could be led to believe they have already breached the defenses.

Cyber Surveillance

This is the normal activity that any big enterprise performs to identify any possible threat before it turns into a real attack. The effort depends on the risk of any possible loss of network data and is run using so-called Intrusion Detection Systems (IDS). This is not just a passive activity, since modern IDSs are able to trigger automatic discovery software in order to determine and classify even the nature of simple sniffing activity, as a precursor of possible attacks. In this case, however, the purpose is just reconnaissance, rather than provoking any damage or being discovered by the possible intruder.

Legal implications

In any case, every time an operator receives an order to perform actions with effects outside the perimeter of his own network, it is necessary to understand all the legal consequences and, where possible, choose options that also provide legal coverage. This could lead to the reform of some laws as well as to a perfect symbiosis between cyber warfare procedures and the associated laws, not just to avoid mistakes but also to anticipate legal retaliation.

Battle rhythm: the time between a decision being taken and the possibility of verifying on the battlefield the effects of that decision.
THE CHALLENGE OF AN INTEGRAL SIMULATION

There are currently many initiatives devoted to training operators to run some surveillance and defense activities. We have also seen some courts authorize limited attack actions in order to restore safer environments and guarantee so-called Information Assurance. But the challenge of training and evaluating a complete set of skills, including the chain of command, is still ongoing.

This is mainly because all the elements involved, personnel skills, threats (the software) and networks (the scenario), are evolving faster than any releasable product that industry might deliver.

This means that, instead of developing training software, it would be easier and more effective to add concepts, ideas and procedures to what is already on the shelf.

The only upgrade that needs to be arranged concerns the hardware and software needed to create a virtual scenario where all cyber warfare activities and procedures can be appropriately tested.

Information assurance: information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Building the scenario

The scenario is the most faithful possible replication of the real network that is the subject of the simulation. It must be developed using virtualization software that permits rapid adaptation, and it needs to be configured with the same security rules as the real one.

In effect, since the command and control structure under simulation is already a real network, what needs to be included in current Simulation Software (in order to cover, from now on, cyber warfare) are the external networks that interface with the C2 network. The following graphic explains this concept better.

Currently, units exercise C2 activities without any concern for their networks. Simulation Centers simply offer them an easy solution where the servers always provide all required services without any possible failure, because that is outside the scope of the exercise.

In the near future, scenarios will need to be built by incorporating the real network that sustains the C2 structure under exercise, including any possible connection with the opposing forces. This picture better details the idea that all C2 structures should also be responsible for their networks, including their protection, availability and continuity.

This means that in future we will no longer have just C2 simulation but a complex C4 (Command, Control, Communication and Computer) simulation.
REQUIREMENTS

If a Project need is identified, it will have to consider a comprehensive development that goes beyond the usual software/hardware production and also concentrates on leveraging human capabilities and their relationships.

Human skills

Operators at every level use computer interfaces. This means that everyone, from the single infantry fighter up to the Commander in Chief, needs to be trained to identify a threat and respond to it appropriately. Nonetheless, they could also act as an unwitting (or maybe not) opponent element.

IT infrastructure (Hardware)

Simulation Centers will probably need to upgrade the Server Farm, but this will depend very much on how big the ambitions are in this regard. Bigger inclusions of simulated worlds will require progressive augmentation of real servers, although a solution could be studied that incorporates the emerging trends of Cloud Computing and reduces the economic effort.

Software

Software is not a concern per se, since there are many software houses and independent programmers that develop hacking tools, both for protection and for aggression. The biggest challenge comes from inserting faster decision-making procedures, incorporating all selected hacking tools into a CW-C2 console and, not least, enabling the decision-makers to act in a new war domain as well: Cyber Space.

Procedures

Closely connected with the latter, procedures should probably drive the software development. In fact, in this warfare domain, where, as said at the beginning, the battle rhythm is measured in milliseconds, procedures will also need to be updated almost constantly.

SERVER FARM: current terminology for a group of servers devoted to many purposes but capable of being logically relocated to where the major computing effort is required.

CLOUD COMPUTING: this emerging technology makes it possible to rely on servers in different locations which provide services on demand, when the simulations run, instead of buying standing capabilities.

CW-C2: Cyber Warfare – Command and Control
APPLICATION FIELDS

CW simulation would benefit all areas where computers exchange operational information, since that information is continuously under threat of being denied, delayed, intentionally modified or stolen.

Consequently, it is important to train Users, CW Fighters and Decision-Makers in the correct use of procedures and tools in order to protect the data integrity of their working domains and guarantee the abovementioned Information Assurance.

For this reason, CW simulation will not be important just for restricted areas; it will necessarily encompass the need to protect National networks and possibly those of some coalitions.

This means that, step by step, maybe using a spiral approach, it could be possible to enlarge the scope of a CW Simulation to incorporate different networks and different realities.

JCATS release

The first easy application field could be a special release of the JCATS software. In this case, by developing a CW-C2 console for the CW Fighters and Commanders as well as for the simulation controller, Units at all levels will start to deal with network protection and with counter-attacking the enemy on the same field. This is a new combat capability that will test at least network integrity and operators' reactions.

Cyber Combat Training Centers (C-CTC)

The next development could be a specific CTC where only the cyber warfare domain is exercised. It may be envisaged for special units with special hardware capabilities, connected with a normal simulation centre where normal C2 training is running, in order to enlarge the training scope.

Enterprises Cyber Warfare

Required for Enterprises that have a worldwide presence and need to guarantee Information Assurance across different networks. It could be exercised in many different ways thanks to cloud computing technologies and virtualization software.

National/Coalition level

The highest effort would be running exercises among National Agencies, testing integral protections across a coalition of willing Nations. In a globalized world, having just a strong, secured national network will not help any future trade or concurrent military effort.