Adaptive, Immersive Training to Counter Deception and Denial Tactics, Techniques and Procedures (TTPs) for C4ISR Networks

Description:

OBJECTIVE: Develop a cyber-training environment that represents current actual environments and can be easily adapted by the users to support different training requirements.

DESCRIPTION: Cyber warfare is no longer a nascent domain with few players and negligible consequences. In the past two decades, state and non-state actors have repeatedly demonstrated the capability and intent to exercise their influence through network operations. In addition, cyber security is recognized not only as a military domain, but as a civilian threat documented by President Obama's 2009 Cyber Security Initiative (White House, 2009). Effective cyber security training is vital to develop the cyber force capable of protecting our interests at home and abroad. Currently Air Force cyber training relies primarily on instructor-led classroom (stand-up) training, rudimentary exercises and scenarios conducted on previous-generation systems. Given the low level of technical complexity, current training systems are configurable by the instructors, and can be reset at will in the event of a failure or crash. These training networks are modeled after operational Air Force networks and include diverse elements such as routers, switches, Windows/Linux OSs, proxies, and firewalls through virtualization; however, they lack incorporation of the complexities of today's real-world environments (system load, number of actors, and breadth of applications). Additionally, there is no inherent capability within current training systems to effectively model and enable pattern recognition analysis and synthesis. The current state-of-the-art technologies are largely centered on individual subject-based learning, platforms, and scenario-based war-gaming.
While there is a vast array of products on the market today (e.g., gaming) that enable/support these learning areas, there is no known single technological solution which meets the Air Force need for a virtualized network environment that will integrate realistic network analysis, and attack and defense scenarios, into a deployable, modular platform to serve as a training tool for Air Force cyber operators. To fill the gap between the current state-of-the-art and the desired end-state, research is required to advance the science in the areas of working within highly complex virtual environments; when fielded, the system should include the capability to incorporate evolving cognitive science developments. The final training system should be virtualized in a manner that is compatible with the current Air Force Net and easy to deploy and reset. The training system should closely replicate the complexities of current real-world cyber environments. The network should include realistic traffic generation that is modifiable by an instructor. The network should represent a variety of devices and protocols. The system should include network attack and defense scenarios based on present-day exploits and tactics. Scenarios should be adaptive and include multiple learning pathways for differing skill levels. Scenarios should include simulated actors performing network attack and network defense functions. Instructors should be able to efficiently author new scenarios. The result will be the ability to effectively model and enable pattern recognition analysis and synthesis. The system should enable the development of skills to mitigate adversarial attempts at blocking access for obtaining any critical threat information (e.g., information and INTEL of operations, communication, computer networks, documents of strategy and tactics, organizational diagrams via wired or wireless). The capabilities of this product should also include allowing for forensic analysis.
The system capability should include the ability to simulate the effect of a variety of denial and deception tactics including cyber-attacks, embedding viruses in networks, or emplacing adversary sensors within Blue systems to obtain intelligence information, implement denial of service attacks, damages, or complete destruction of communication and computer networks.

PHASE I: Define the system requirements. Identify appropriate components to create a system design. Analyze the software necessary to enable the system to work. Propose a design to be built and demonstrated during Phase II. Demonstration of laboratory breadboard prototype hardware during Phase I is highly desired, but not required.

PHASE II: Build and demonstrate the training system in a relevant environment. The system must meet requirements as stated in description above. Additionally, design should show significant consideration for human factors, including, but not limited to: flexibility, modularity of design, adaptive to changing environments, tailorability and inclusion of cognitive science advancements. Level of the system by the end of Phase II is TRL 6, and preferably TRL 7.

PHASE III DUAL USE APPLICATIONS: Tools and technologies for cyber defense training are marketable and sought after in both the U.S. government and private industry.