The Risk Management of Tactical Cyber Threats in Australian Army Operations David Ormrod UNSW PhD Candidate Supervisor: Dr Edward Lewis UNSW Co-Supervisor:

Presentation transcript:

The Risk Management of Tactical Cyber Threats in Australian Army Operations David Ormrod UNSW PhD Candidate Supervisor: Dr Edward Lewis UNSW Co-Supervisor: Dr Spike Barlow DSTO Co-Supervisor: Dr Fred Bowden

Cyber threats and Army operations
- Management of uncertainty in combat
- Advantages of network-enabled combat force
- Attacking the network
- Deception
- Targeting trust
- Research methodology
- Implications for wargaming

Decision making in combat is about managing uncertainty (risk)
Precision; Ambiguity; Friction; High levels of risk; Redundancy; Sensor to shooter links; Interconnected systems; Network Centric Warfare; Full Spectrum Operations; Common Operating Picture
“…a far smaller, lighter and more mobile force can operate at a greater range and with higher precision than at any time in human history”. Source: Adamsky, 2010

History demonstrates the advantage of network enabled combat
Historical Examples
- The German Army of World War Two – analog network, appropriately equipped and trained personnel
- Stryker Brigade - digitized network with documented benefits in comparison to the standard light infantry unit
- US ‘Thunder Runs’ on Iraqi defenses in Operation Iraqi Freedom - networked Blue Force Tracking (BFT) systems

Benefits of network enabled land combat forces (as an integrated package)
Network enabled awareness; Enhanced situational awareness
Source: Gonzales, 2005

A near peer adversary will also seek to obtain information dominance
“The Armed Forces [are] now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised”. Source: UK Ministry of Defence, 2013
“…the underlying infrastructure becomes a single point of failure. It is thus likely that the enemy of a networked force will target the underlying technology by conducting information warfare, net warfare or communication infrastructure warfare”. Source: Aho and Candolin 2004 p10

History demonstrates the advantage of attacking the network
Historical Examples
- The German Navy of World War Two – Admiral Donitz. Enigma, Ultra and Bletchley Park.
- The alignment of virtual data to reality: USS Vincennes - Iran Civilian Aircraft 1988; and Patriot Missile System - RAF Tornado 2003.
- Stuxnet – Attack on Iranian nuclear program. Centrifuges and C2 attacked.
- Cyber Electro Magnetic Operations (US Doctrine)

Deception
- Manipulating communication channels, misdirecting strategic or tactical action and confusing an opposing force’s SA.
- Incorrect information creates uncertainty or validates invalid theories.
- Ambiguity – Increased noise.
- Misleading – Reduced noise, wrong alternative.
- Neutralization - compromising the trust of the user.
- Capitalization - retaining the trust of the user, whilst manipulating information to have them act against their own interests.
- Network-enabled deception is a theatrical production, combining data in a complementary way to produce a coherent and coordinated storyline of misinformation.
- Trust is critical to the analysis of information in complex systems and the management of risk.
Deception Planning; Deception Execution

Information security models do not consider the commander’s perspective
The difference between the potential tactical results, with and without the cyber attack, is the true operational effect. This is difficult to quantify because of the large number of variables inherent in both decision making and tactical combat. Mission impact, as a third order effect, is not network denial of service or compromised data.

The target of a cyber attack should be the human interface
Offensive Cyber Operations Benefits
- Deny an adversary’s use or access to information, thereby impacting their decision making process. Source: United States Army FM3-38
- Malware signatures can trigger intrusion detection systems, in itself reducing trust.
“The benefits to an attacker using cyber exploits are potentially spectacular… Military Commanders may rapidly lose trust in the information… Once lost, that trust is very difficult to regain”. Source: Defense Science Board, 2013

Contributions to Knowledge
- Provide a method for measuring the effect of a successful C4ISR information attack on tactical land combat objectives in order to determine the best response to its risks; and
- Defining the role of resilience on military tactical decision environments despite the growing dependence on technology in command and control.

Research Questions
- Q1 What contribution does information deception make to tactical military operations when it forms part of an integrated deception plan?
- Q2 What effect can a successful information attack have on tactical combat outcomes?
- Q3 How does a tactical combat decision maker manage the risks associated with an information attack on their C4ISR system?
- Q4 What role does resilience play in the military tactical decision environment?

Hypothesis for Q2
Q2: What effect can a successful information attack have on tactical combat outcomes?
- H1 Alternative: A successful information attack on a C4ISR system has a negative effect on the victim’s tactical combat capability (BattleGroup level). Increased casualties, increased duration (time), increased resources expended and decreased situational awareness.
- H0 Null: A successful information attack on a C4ISR system has no effect on tactical combat capability (BattleGroup level).

Observing the relationship between effects
- Battlefield (Kinetic System): Block; Breach; Clear; Destroy
- Situational Awareness (Temporal and Cultural Systems): Deceive; Distract; Deny SA; Reduce trust
- Data and Information (Cyber Electro Magnetic Operations): Intrusion; Destruction; Collection; Compromise
For example, distrust in the security of Enigma was reportedly linked to the Director-General of Signals for the Luftwaffe in WWII refusing to send operational orders by radio (Ratcliff, 2006).

Research Method
Quantitative dominant mixed methods research approach. Triangulation.
Experimentation campaign - Sequential triangulation
- Phase 1. Literature review.
- Phase 2. Historical analysis.
- Phase 3. Semi structured interviews (approx 60 Army officers).
- Phase 4. Model development.
- Phase 5. Cyber range – representation of communications and cyber model.
- Phase 6. Combat simulation 1 - Constructive, closed.
- Phase 7. Combat simulation 2 - Human-in-the-loop.

Proposed Simulation Toolset
Closed Loop
- EINSTein/CROCADILE/MANA: Multi-agent combat simulation
- Self organised emergent behaviour
- Programmable agent behaviours
Human in the Loop
- OneSAF/JCATS or VBS3: US Army entity level land combat simulation – may include visualisation
- Higher fidelity but requires command input (human)

Cyber Range
Representation of: Virtual environment; Data packets; Communication nodes.
Allows: Injection of malicious files; Disruption of data; Attacks on specific nodes.
Comparison of data, information and decisions.
Is this wargaming?

Combat Simulation 1 – Closed loop
- Closed loop simulation – multiple runs.
- Complex adaptive system – explore scenarios (less realistic).
- Feeds the human-in-the-loop simulation.
- Identify key variables for analysis: Effect of terrain; Effect of mission – attack, defence, mobile, static; Effect of trust and SOPs; Value of differing communication channels; Value of specific sets of information; Value of specific nodes – recon/OP/retrains/logistics/CP; Integration of OCO and integrated deception plans.
Is this wargaming?

Combat Simulation 2 – Human in the loop
Options:
- Simple simulation – VBS3 allows CNR Sim and Visualisation.
- Focus on human decision making - JCATS and OneSAF.
- Experimentation tools – Combat XXI (issues with human in the loop).
Differing simulation runs – as an example:
- C4ISR is not compromised.
- C4ISR is compromised, no deception (compromised confidentiality).
- C4ISR is compromised and deception occurs (compromised integrity).
- C4ISR is compromised and denial of service occurs (compromised availability).
Modelling of the enemy: live human; decision points set by human; or scripted AI.
Is this wargaming?

Implications for Wargaming
- Relevant: Terrain (desert vs complex environment). Decision making (the human interface). Tactical effect (defend vs attack).
- Practical – the human interface with the machine.
- Repeatable: Focus on small and well defined aspects of the problem.
- Simulation – scenario based, red teamed (AI).
- Selection of the best simulation approach.

Architecture and Models

The type of network and its information sharing features

Measuring Effect
Mission Success; Casualties; Combat Power; Primary Objective; Secondary Objective; Casualties; Combat Power; Ability to hold objective; Ability to conduct subsequent operations

Existing Cyber Simulation in a ‘Wargame’

Next Steps
- Semi Structured Interviews complete.
- Model development ongoing – artefact expected late 2015.
- Thesis submission planned for mid 2016.

Questions?