Thursday, March 15, 2012

Army Cyberwarfare R&D

Just ran across this interesting article from August 2011 with Giorgio Bertoli, the Army's I2WD Offensive Information Operations Branch Chief. Some highlights:
There are few specifics Bertoli can provide about his work because so much of it is classified. But the primary goal of cyber warfare, he explains, is to provide warfighters with a non-kinetic means of striking enemies without permanently destroying infrastructure. The second goal is to disrupt, deny and degrade enemy operations and prevent them from strategizing and communicating.
His team, which consists of 20 government engineers and support contractors, uses software-defined radio, electronic warfare, signals intelligence and other technologies to help build what the Army refers to as its future force.
"Just like a handgun versus a Howitzer," he says, "there's a whole spectrum of tools."
To give an example of some of those approaches, here's a good presentation he gave at the C4ISR conference that's worth a review. In it, he highlights the differences between CNO (Computer Network Operations) and EW (Electronic Warfare) and the pros and cons of each.

Some other comments from the article:
Unlike kinetic warfare, in which one weapon potentially can thwart multiple enemies — "a bullet is a bullet," Bertoli notes — cyber-warfare typically requires a family of tools. For instance, what works on one particular waveform or network may not work on another.
"So now you have this huge toolbox. How do you manage that? How do you train somebody to be proficient in them?" Bertoli asks. It would be akin to teaching soldiers to use a different gun for each enemy. His team at CERDEC is working to create a common look and feel for cyber tools so they're easy to learn, and to develop a common framework so developers don't have to start from scratch with each weapon.
That reminded me of a solicitation his group put out back in 2009 asking industry for technologies. I went online to see what ideas they were asking industry to provide and found that, as of Feb 2012, it's still the same BAA from 2009. The document is available on the Army site here, and has lots of fun stuff for all the hackers out there. I won't include all of it for brevity, but here's what is listed under Computer Network Operations:
CNE and CNA support shall include but not be limited to:
    • Network discovery and mapping tools capable of operating in a relatively low bandwidth tactical environment and avoiding or circumventing network/host-based IDS
    • Destroy, disrupt, deny, deceive, degrade, delay, target, neutralize, or influence threat information system networks and their components, and Threat C4-ISR systems and nodes and other battlefield communications and non-communications systems
    • Understand various types of tactics, technologies, and tools used to perform CNO
    • Vulnerability identification and testing of both wired and wireless networks
    • Techniques that can be used to find and route communications data through a predefined path (accessible route) or to a particular location (cooperative nodes)
    • Methods for performing both distributed and coordinated CNO missions
    • Non-access-dependent CNO technique R&D
    • Identification, capture and manipulation techniques for data in transit
    • Stealthy, real-time, precise (within one meter) geographic location and mapping of Threat/adversary logical networks and their components. This includes, but is not limited to, the following:
        ◦ Individual workstations, terminals, and/or PCs, either networked or stand-alone
        ◦ Computer networks of any scale (both wired and wireless)
        ◦ Virtual Private Networks (VPNs) (both wired and wireless)
        ◦ Computer network components (local and/or backbone)
        ◦ Displays
        ◦ PCS and other commercially available wireless device types
        ◦ Government-owned or -managed private communications networks (military or non-military)
        ◦ Trunked Mobile systems or other networked commercially available communications systems
        ◦ Telecommunications equipment (e.g., Private Branch Exchanges (PBXs), corded and cordless phones)
        ◦ Cryptographic components
        ◦ Other peripheral components
    • Stealthy, non-cooperative access to logical networks and their components, that overcomes threat/adversary best attempts to protect such networks and components. Proposals submitted under this sub-topic shall specify both hardware and software protection measures forming the basis of the target network environment
    • Stealthy, non-cooperative access to RF devices, communications networks and their network components, non-communications networks and their components, and other RF-centric networks and their components, to develop revolutionary TTPs that overcome threat/adversary best attempts to protect such networks and components. Proposals submitted under this sub-topic shall specify both the hardware and software protection measures forming the basis of the target network environment
    • Stealthy, non-cooperative network discovery software tools, countermeasure capabilities and TTPs that overcome threat/adversary best information assurance/protection measures. Proposals submitted under this sub-topic shall specify both hardware and software protection measures forming the basis of the target network environment
    • Stealthy, non-cooperative network characterization tools and TTPs that overcome threat/adversary best information assurance and protection measures. Proposals submitted under this sub-topic shall specify both hardware, software, and protocol or transmission protection measures forming the basis of the target network environment
    • Stealthy logical network exploitation and/or countermeasure software schemes and TTPs capable of surgically inserting intelligent software agents into threat/adversary logical networks, regardless of protocols in use or available
    • Stealthy intelligent software agents and TTPs for exploitation and countermeasures of threat/adversary logical networks, other network-centric networks and their components, and/or Command and Control networks and their components
    • Stealthy component mapping of logical networks and location data correlation and deconfliction with other all-source intelligence data
For the uninitiated, TTP is Tactics, Techniques, and Procedures. The BAA also has sections on their interest in a CNO framework, software agents, and EW/IW techniques.

If anyone has ideas in those areas, they have submission information on their acquisition page. It's nowhere near as user-friendly as DARPA's Cyber Fast Track (CFT), and I'm confident they won't be as quick either. It hasn't been as well advertised, though, so I'm sure they'd love to hear from some innovative people out there interested in building cyber tools. Sounds like fun!