By Kris Osborn
In the field and quickly support operational cyber-warriors with the latest upgrades, techniques and threats, service officials said.
The new lab, engineered as a subset of the larger Army Research Lab, is specifically geared toward supporting ongoing combat operations, given the pace or trajectory of evolving cyber tactics. Results from near-term analysis and research will be quickly sent to Army Combatant Commanders, and operational cyber-warriors send back new anomalies, tactics and attack strategies associated with enemy cyber attacks.
“Change within cyber is constant. Things we are working on this year are not things we will be working on next year. We need a laboratory that is rapid so that if there is emerging space we can address it and move on, providing input to Army Cyber,” Curtis Arnold, Chief, Sustaining Base, Network Assurance Branch, Army Research Lab, told Scout Warrior in an interview. “A big component of the laboratory is that with an operational focus we are narrowing response time.”
Response time is of critical operational relevance, as Commanders now conducting cyberwar against ISIS have talked about the need to rapidly change tactics as a way to maximize effect. Operation Inherent Resolve officials have explained that cyberattacks and electronic warfare techniques have made it very difficult for ISIS units to communicate with one another across large distances. Furthermore, US cyber warriors have also succeeded in disrupting or destroying ISIS social media efforts and some recruiting initiatives. As a result, an operational link to cutting-edge cyberwarfare techniques is expected to be of tremendous value to global cyber commanders.
The Army is also intently focused on near-peer threats such as Russia and China; China has been known to repeatedly launch cyberattacks upon US military networks. In fact, a recent Defense Science Board report cited Chinese cyber espionage as succeeding in acquiring valuable US weapons specs - such as those of the F-35. Also, it is not surprising that Russia remains a clear focus in light of recent allegations of Russian hacking into US election processes.
With all of this in mind, Army cyber warriors recently sought to detect and fight off simulated Russian cyberattacks in a mock-cyber combat exercise called Cyber Quest. The exercise was designed to replicate, mirror or match the most sophisticated modern and future threats likely to be confronted by US cyber warriors.
The research, which includes both short- and long-term exploration, is oriented toward IT systems, computer networks and increasingly interwoven weapons systems - which rely on cyber tech for communication, precision targeting and execution, Arnold explained.
US military cyber experts, members of industry, IT experts as well as academics are all being assembled to collaborate on cyber issues in the new laboratory. The new effort is segmented into particular focus areas such as big data analytics, industrial control systems, automation, virtualization, machine learning and artificial intelligence.
Big data analytics can quickly present new challenges for a variety of key reasons; a larger data flow can make it difficult for servers to “flex” as needed to accommodate rapid jumps in data coming through. Secondly, algorithms are needed to organize incoming data and identify anomalies or potential intrusions. There is also a growing need for more real-time monitoring of activity on a message “bus,” because standard analytics methods based on probability and statistical probability often detect intrusions after the fact and are not always reliable or 100-percent accurate, cybersecurity experts and analysts explain.
Virtualization and movement to the cloud bring both substantial advantages and risks; while they aid with data consolidation, streamlined activity and a smaller hardware footprint, integrated data systems and networks can also increase the scope of impact a potential cyberattack might be able to have.
“Too much consolidation can leave you vulnerable,” Arnold explained.
Cloud technology is all based on virtualization, and can use software to perform functions typically performed by hardware or segregated servers, Arnold said.
“You can wind up giving all your data away to run on systems that are owned by other people. How do you limit risk and protect things that are outside of your command?” Arnold asked.
It is not surprising that machine-learning, automation and artificial intelligence are areas of enormous priority for the new laboratory. Computer automation can have both offensive and defensive functions. Algorithms and computer programs can replicate human activity to deceive potential intruders to then gather information about them and quickly devise defensive measures or counterattacks.
“There are multiple ways computers can mimic what humans have done. It is just faster. Sometimes we use automation and we know we are dealing with a threat. We look for ways to address it or cut it off,” Arnold added.
A key portion of this, naturally, is to enable rapid detection of various kinds of intrusions such as phishing attacks, watering hole attacks, denial of service attempts or efforts to hack into data networks to steal information. “Honey Pots” are another technique used defensively and offensively by cyber warriors; these involve efforts to create an attractive web location as a means of luring would-be attackers to glean information about them and counterattack as needed.
In addition, there are many instances where automated systems can more quickly and safely perform procedural activity typically done by humans; this can save time, improve the pace of enemy detection and ease the cognitive burden upon human actors, who can then focus on more pressing challenges.
“We are looking at being able to enable our analysts to avoid hundreds of thousands of things usually performed by a human. However, just because we automate certain tasks, this isn’t a one-for-one replacement of humans,” he said.
Many cyber experts maintain that, despite the increased processing speeds enabling machines to perform many functions faster, there is still a substantial need for the problem-solving, dynamic human brain to respond in real time to fast-changing circumstances. Human cognition, when it comes to these kinds of functions, is still measurably ahead of computer technology, many experts and observers maintain.
Algorithms using artificial intelligence and automation can also improve ISR analysts’ ability to organize incoming information such as data flowing through networks or video feeds from drones.
“A system will identify a reconnaissance scan to make sure they are getting the right results,” Arnold said.
Overall, a group of about 40 to 50 researchers will be briefing other ARL experts and connecting with key parts of the academic, allied and industrial communities.