Research note: Cyber defense of tactical networks

Why this word, cyber? There are dozens of government definitions of cyberspace, the environment that the concept of cyber itself defines. A concept as nebulous as cyber is going to cause angst at any major hacker conference, and likely much drinking. The word nevertheless carries specific connotations that matter and should be considered. Its use to describe an environmental characteristic of technology is much older than Gibson's Neuromancer; the root is cybernetics, which predates the novel by decades. The word entered United States government thinking from other nations' efforts to describe the broader technology concepts, and it took hold in the mid 1980s and early 1990s.

The word cyber matters because it describes an environment that has to be considered holistically rather than within task-and-technique technology silos. When the enterprise information and communication element is going to operate in a known physically hostile environment, such as a military tactical network, there is much to consider. Network defense is part of cyber, but it is not the only element we have to deal with. Focusing on the seven layers of the OSI stack does not protect an enterprise from hostile interactions such as munitions and high-power directed energy; those act on the hardware and the medium itself, which the protocol layers simply assume are there.

Defining tactical networks (the last mile as opposed to the end user) is conceptually difficult for some enterprise architects. Consider that your information and communication technology solution will be exposed not only to the hostile environmental characteristics of sea, sand, and heat. Your network infrastructure will also stop high-velocity rounds, will be exposed to explosive and concussive forces that its user will not survive, and is in the end guaranteed to end up in the hands of an adversary. This is the last mile of the enterprise network. It challenges the assumptions about the user base with unapologetic expectations of operator success. It challenges the enterprise operator with certification and accreditation objectives that were created in the operational vacuum of “normal” enterprise operations. The military last mile is a different can of worms.

There are big rocks in the jar of network defense. The homily about fitting everything into a jar, in which you start with the biggest rocks and finish with the sand, applies in some ways to last-mile tactical network defense. Though the original story is about time management, the analogy here is about trust. The last mile of a tactical network that is engaged with an enemy is the most real-time critical part of the network and the part that least requires a significant data repository.

A soldier on the last mile needs to communicate the “now” of decisions and much less the “later”. This big rock is the time factor of security and trust. There is a small body of literature on time-based security, far less than on something like mandatory or discretionary access control, yet time-based access and cryptographic solutions make much more sense for this kind of access: a credential or key that is only valid for a short window limits what a delayed message, or a captured node, is worth. A caveat belongs here. When we talk about tactical networks we are not talking about battalion or, likely, even company headquarters elements. They feel like the last mile, but in reality the operational characteristics of any headquarters element are enterprise level. There are counter examples, but they are rarer than you would assume.

Another big rock in the last mile of a tactical network is the construction of the equipment itself. Under military specification we tend to build things hardened, expensive, and bulky to meet those needs. In an era of disposable cell phones it may be time to revisit this construction paradigm. Today the loss of a piece of crypto-enabled information technology equipment is catastrophic. It is perhaps time to think about software-defined self-destruction mechanisms (zeroizing key material on command or on tamper) and equipment that is resilient through ubiquity rather than ruggedness. I am by far not the first person to suggest this change.
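As an added illustration of the time-based keying and software self-destruct that the two preceding paragraphs argue for (example code written for this note, not a fielded protocol and not something the original text specifies), the following Python sketch gives each epoch its own key derived one-way from the previous epoch's key, keeps only a short window of keys on the node, rejects messages from outside that window, and provides a zeroize() that leaves the node inert. The epoch length, window size, shared seed and sample message are constructed assumptions.

```python
"""Time-windowed keying for a last-mile link (constructed example).

Each epoch (EPOCH_SECONDS) gets its own key, derived one-way from the previous
epoch's key with HMAC-SHA256.  A node keeps the current key plus WINDOW older
keys and overwrites the rest, so:
  * a message older than WINDOW epochs is rejected ("now", not "later"),
  * a captured node exposes at most WINDOW + 1 epochs of traffic keys and
    cannot recover earlier ones from what it holds, and
  * zeroize() is the software self-destruct: the node becomes inert.
The seed, epoch length, window and sample message are assumptions.
"""
import hashlib
import hmac

EPOCH_SECONDS = 60  # assumed epoch length
WINDOW = 2          # assumed grace window, in epochs, for latency and clock skew
KEY_LEN = 32        # SHA-256 output length


def epoch_index(unix_time: float) -> int:
    """Map wall-clock time to an epoch number."""
    return int(unix_time) // EPOCH_SECONDS


def next_key(prev_key: bytes, idx: int) -> bytes:
    """One-way step: key for epoch idx from the key for epoch idx - 1."""
    return hmac.new(prev_key, b"epoch|" + idx.to_bytes(8, "big"),
                    hashlib.sha256).digest()


class TimeWindowKeyring:
    """Holds keys for the current epoch and at most WINDOW older epochs."""

    def __init__(self, seed: bytes, start_idx: int) -> None:
        # The provisioning seed is consumed once and never stored on the node.
        self.current = start_idx
        self.keys = {start_idx: next_key(seed, start_idx)}

    def advance_to(self, idx: int) -> None:
        """Ratchet forward to epoch idx and forget keys outside the window."""
        if not self.keys:
            raise RuntimeError("keyring has been zeroized")
        if idx < self.current:
            raise ValueError("clock moved backwards; refusing to reuse keys")
        while self.current < idx:
            self.current += 1
            self.keys[self.current] = next_key(self.keys[self.current - 1],
                                               self.current)
        for old in [k for k in self.keys if k < self.current - WINDOW]:
            self.keys[old] = b"\x00" * KEY_LEN  # best-effort overwrite
            del self.keys[old]

    def zeroize(self) -> None:
        """Software self-destruct: drop all key material."""
        for k in list(self.keys):
            self.keys[k] = b"\x00" * KEY_LEN
        self.keys.clear()


def seal(ring: TimeWindowKeyring, now: float, payload: bytes):
    """Tag payload with the key of the sender's current epoch."""
    idx = epoch_index(now)
    ring.advance_to(idx)
    mac = hmac.new(ring.keys[idx], idx.to_bytes(8, "big") + payload,
                   hashlib.sha256).digest()
    return idx, payload, mac


def open_msg(ring: TimeWindowKeyring, now: float, idx: int,
             payload: bytes, mac: bytes) -> bool:
    """Accept only if idx is inside the receiver's window and the tag verifies.

    A message from an epoch the receiver has not reached yet is also rejected;
    tolerating forward clock skew would mean pre-deriving keys.
    """
    if not ring.keys:
        return False
    ring.advance_to(epoch_index(now))
    key = ring.keys.get(idx)
    if key is None:
        return False
    expected = hmac.new(key, idx.to_bytes(8, "big") + payload,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    seed = b"constructed shared seed, provisioned out of band"
    t0 = 1_700_000_000
    sender = TimeWindowKeyring(seed, epoch_index(t0))
    receiver = TimeWindowKeyring(seed, epoch_index(t0))
    idx, payload, mac = seal(sender, t0, b"contact bearing 045")
    print("fresh:", open_msg(receiver, t0 + 5, idx, payload, mac))
    print("stale:", open_msg(receiver, t0 + 3 * EPOCH_SECONDS, idx, payload, mac))
    receiver.zeroize()
    print("after zeroize:", open_msg(receiver, t0 + 4 * EPOCH_SECONDS, idx, payload, mac))
```

The window is the trade-off made explicit: it is both how much “later” the receiver will still accept and how many epochs of keys a captured node gives up. The price is clock discipline at the last mile; a node whose clock drifts past the window is cut off rather than trusted.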

I have covered the generational cyber weapons concepts for several years, but in the context of tactical networks and the last mile some interesting things become obvious. Start with the idea of where kinetic and electronic warfare (spectrum) interact with the information and digital technology terrain. Taps, traces, bombs, bullets, and electromagnetic spectrum weapons operate on their targets in this generation of weapons. Wire cutters and other physical instantiations tend to focus on disruption, degradation, and denial of operation. Be careful not to assume we are talking about the information domain. Anything can be represented as information, but that does not mean it is information. Various forms of telemetry and command and control are actions represented in the information domain but not in fact part of it. That is why we need the larger concept of cyber to contain these differentiated activities.

Generation 1 cyber weapons

The idea that you have wires and a physical carrying capacity for signals and information is nothing new. What is new is opening the door to a much more holistic concept that takes these hostile actions into account in the area of tactical networks and the cyber aspects inherent in protecting them. Few enterprise architects are considering active high-power electromagnetic spectrum weapons.

Hacking, cracking, and other information assurance and security nightmares usually happen at the logical, non-physical layers of the cyber spectrum. More importantly, the concept inherently relies on known protocols and known information states on top of a physical infrastructure that may or may not be known. As we deal with real-time systems and networked command and control coordination systems, the domain gets fuzzy. Sensor networks on the battlefield serve as friend/foe identifiers, geo-location monitors, and fires detection (where someone is shooting at you from). Sensor systems that depend on a human for command and control include targeting devices, target and weapon selection, and high-speed trajectory analysis systems. All of these weapon systems are based on optical, acoustic, infrared, and other physical properties such as electromagnetic and magnetic field sensors. Anything that emits radiation or a power signature can be targeted on the modern battlefield, and unfortunately almost all communications gear falls into this category. Besides the physical attacks, though, exploitation of targets through their programming and software interfaces is possible. The electronic exploitation factor, through vulnerabilities imposed or exposed, gives us a clean break between physical attack and logical attack.

Generation 2 cyber weapons

When the electromagnetic spectrum and the logical layers of the cyber realm are fused, you have information access attacks with multi-agent and holistic capabilities. With this fused weapons category everything is a target and everything is a sensor. All of the last mile in the tactical network should be usable to detect adversary activity both within and outside the tactical network. The wireless tactical network is likely already getting telemetry from the activities surrounding it that degrade, disrupt, or deny communication: every lost link, retransmission, and noise-floor change is a measurement of what is being done to it. Few adversaries are using their own tactical networks as a sensor system for activity outside the network domain itself. More's the pity.
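To make the “everything is a sensor” point concrete, here is an added Python example (written for this note, not the page's own code or any fielded system) that treats ordinary link-quality reports from a radio as a sensor feed. It applies a consistency check between received signal, noise floor and packet delivery to separate range or terrain loss from deliberate interference and from degradation with no RF explanation, which points at the logical layer. The field names, thresholds and the sample reports are constructed assumptions.

```python
"""The link as a sensor (constructed example).

Each LinkSample is one link-quality report from a radio: a tick, received
signal (dBm), noise floor (dBm) and packet delivery ratio (0..1).  The
classifier compares each report with a baseline taken from healthy samples:
  * range_loss:        delivery down, signal fell, noise floor flat
  * interference:      delivery down, noise floor rose although signal held
  * degraded_unknown:  delivery down with no RF explanation; look at the
                       logical layer (protocol abuse, congestion, compromise)
  * nominal:           delivery healthy
Thresholds and sample data are assumptions for this note.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class LinkSample:
    tick: int
    signal_dbm: float
    noise_dbm: float
    pdr: float  # packet delivery ratio over the reporting interval


NOISE_RISE_DB = 10.0    # assumed: floor up this much is "something transmitting at us"
SIGNAL_DROP_DB = 10.0   # assumed: signal down this much is range/terrain/antenna
PDR_DEGRADED = 0.6      # assumed: below this the link is considered degraded


def baseline(samples):
    """Mean signal and noise floor over a reference window of healthy samples."""
    return (mean(s.signal_dbm for s in samples),
            mean(s.noise_dbm for s in samples))


def classify(sample, base_signal, base_noise):
    """Consistency check: does the RF picture explain the delivery loss?"""
    if sample.pdr >= PDR_DEGRADED:
        return "nominal"
    noise_rise = sample.noise_dbm - base_noise
    signal_drop = base_signal - sample.signal_dbm
    # Check the floor first: a raised floor with delivery collapsed is the
    # interference signature even if the wanted signal also moved.
    if noise_rise >= NOISE_RISE_DB:
        return "interference"
    if signal_drop >= SIGNAL_DROP_DB:
        return "range_loss"
    return "degraded_unknown"


def assess(history, window=4):
    """Classify every sample after the first `window` healthy reference samples."""
    base_signal, base_noise = baseline(history[:window])
    return [(s.tick, classify(s, base_signal, base_noise))
            for s in history[window:]]


# Constructed reports: four healthy ticks, then a range fade, a jammer,
# a logical-layer problem, and recovery.
SAMPLES = [
    LinkSample(0, -70.0, -95.0, 0.97),
    LinkSample(1, -71.0, -95.0, 0.96),
    LinkSample(2, -69.0, -95.0, 0.98),
    LinkSample(3, -70.0, -95.0, 0.97),
    LinkSample(4, -85.0, -95.0, 0.40),   # signal fell, floor flat
    LinkSample(5, -70.0, -80.0, 0.10),   # floor up 15 dB, signal unchanged
    LinkSample(6, -70.0, -95.0, 0.30),   # RF fine, delivery still bad
    LinkSample(7, -70.0, -95.0, 0.95),
]


if __name__ == "__main__":
    for tick, verdict in assess(SAMPLES):
        print(tick, verdict)
```

The value of the check is the third bucket: a link whose RF picture is healthy but whose delivery has collapsed is telling you to look above layer 1, while a raised noise floor is a locating cue for the spectrum side of the fight. Real radios report these quantities at different granularities, so the thresholds have to be fitted per platform.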

Generation 3 cyber weapons

More than just a way to think about generational weapons concepts, this leads to capabilities and vulnerabilities that have not been considered yet. The third generation of cyber weapons is both defensive and offensive in nature. They are not constrained by the exploit, access, and disrupt paradigm. They can detect what is happening around them in the physical meatspace, and they can also inject and protect themselves in a variety of ways. There is no reason the large cyber network of a modern battle group should not be able to use all of that connectivity for more than watching cat videos. The last mile, though, is subject to many attacks across a variety of platforms and capabilities.
