You are here

Cyber Training Big Data Analytics and Visualizations


TECHNOLOGY AREA(S): Info Systems, 

OBJECTIVE: Develop an innovative technical application of big data analytics and visualizations for cyberspace operations training environments and datasets that support virtualized compute, network, storage nodes, high fidelity synthetic internet/grey space traffic, specialized hardware-in-the-loop assets, and threat actor signatures/emulation. The capability would support the ability to collect, correlate, extract, visualize and assess Cyber Mission Forces (CMF) embedded within high fidelity training environments across defensive/offensive operations and from individual, collective and force level training continuum. 

DESCRIPTION: As stated within the Command Vision for United States Cyber Command (USCC), the Department of Defense’s cyber warriors conduct a full spectrum of daily operations in a contested, dynamically challenging cyberspace against near-peer competitors and adversaries. The outcomes of these operations are to ensure support for military operations, defend the nation against cyberattacks of serious consequence, and protect DoD information networks. As such in 2018, USCC, as a combatant command, announced 133 teams reaching full operational capability across USCC and Service Cyber Components for such missions. As these teams have been rapidly built out, maintaining and enhancing readiness through realistic, high fidelity training is critical to projecting multi-domain military superiority across the full spectrum of conflict. As such, established to provide a standardized cyberspace operations training platform for the CMF, the Persistent Cyber Training Environment (PCTE) is spearheading the capability development of an on-demand, self-service enterprise training platform across cyber mission sets across individual-collective-force level training. As the CMF training platform, PCTE will enable CMF operators to plan-prepare-execute-assess on-demand training content, environments, tools, and datasets that can be readily re-used and shared across the DoD. As CMF individuals and teams execute the training continuum lifecycle, PCTE will be utilized to plan, define, and deploy high fidelity training events consisting of virtualized instances of compute, network, and storage coupled with automated actors, realistic traffic profiles, key terrain, master scenario event list (MSEL) injects, cyber tools, intelligence artifacts, and assessment criterion to replicate real world conditions enabling cyber readiness. As such environments are defined and executed, a significant breadth and depth of digital activities transpire that are required to be collected, extracted, transformed, visualized and correlated to aggregate results, trends and playback/replay scenarios in order to obtain a more refined quantitative and qualitative understanding of achieving training objectives, standards, and conditions. Data sources within these environments include but are not limited to network traffic flow capture, node health state, in-range sensor instrumentation, operator activity, scenario injects/effects, collaboration methods, and observations against training objectives. To date, many of these sources of datasets are individually and in stove-piped fashion captured that can potentially be collectively mined to more comprehensively understand performance, assessment, and collate after action reviews overtime with trends and predictions. Processing through machine language with artificial intelligence could potentially be applied to achieve an integrative data analytics and visualization capability tailored for cyber training. Moreover, layered around the cyber event environment, the PCTE platform provides a suite of tools, applications, and repositories that are access by CMF operators whose data can be further accessed to understand over trends in popular tools, content, and assessment patterns across training profiles. The utilization of a big data platform and visualization applied to cyber training specific analytics and collective data interpretation would significantly add to understand individual, tea, and force level performance against training objectives and results across AAR playback, analysis, assessment, and trends/projections. 

PHASE I: Phase 1 should perform a study to investigate concepts and approaches for leveraging, integrating, and applying big data analytics and visualization technologies for utilization within DoD CMF cyberspace operation training environments. The initial conceptual design should include means of storyboarding the problem set and walking through the plan-prepare-execute-assess process for cyber training events. Specific consideration across data sources, transformation, enrichment, storage, analytics, visualization and alerting should be addressed as well its application to cyber training across assessment, performance measurement, event monitoring/activity, and AAR/playback. 

PHASE II: Phase 2 extends the deliverable concepts and approaches of big data analytics and visualization for cyber training environments and implements a proof-of-concept prototype that could be applied within the PCTE platform. Initial prototypes could be demonstrated within a standalone environment and gradually phased into the PCTE platform through agile scrum execution based on currently defined cyber training environment and scenarios. The prototype should consider specific aspects of Phase 1 investigation and demonstrate visualization dashboards, data feeds, aggregation, and correlation that provide deeper insight, results, and near-real time results and activity of CMF individuals and teams within cyber training environments and events across a variety of data sources. Additionally, trends and predictive analysis could also be demonstrated based on CMF operator use of specific content, injects, and other platform specific services, repositories, and tools to provide feedback on overall utilization metrics. 

PHASE III: A big data analytics and visualization capability would have significant operational military applications and SBIR research transition prospects. As the DoD training platform, PCTE has the mission to provide tools and capabilities to measure, collect, warehouse, and provide data visualizations of on-demand training environments executed by CMF operators at individual, team, and force level continuum. Next, a number of corresponding cyber operational and even other DoD modeling and simulation (M&S) programs of record could leverage this effort for transition purposes. Commercial application for use within financial, cybersecurity, and gaming technologies could also be made. 


1: Command Vision for US Cyber Command. "Achieve and Maintain Cyberspace Superiority." April 2018.

KEYWORDS: Cyber, Cyberspace, Operations, Big Data, Analytics, Visualization, Artificial Intelligence, Machine Learning, Extract, Transform, Load 

US Flag An Official Website of the United States Government