This quarter’s CSIAC Journal contains five articles that offer some perspectives to address the often-heard phrase “Cyber Is Hard”, usually associated with gnashing of teeth and exasperated sighs.
In particular, how can the Department of Defense deliver new concepts across the train/exercise/execute spectrum to provision cyber capabilities that can effectively address the rapidly changing world of cyber? To call cyber “multi-faceted” is too simple. Compared to the standard observation about near-sighted people observing an elephant in the room (everyone sees an aspect of the elephant, but nobody can see the whole animal), cyber is more like a zoo of animals in a room and the people are trying to find a single cage to put them in by collaborating on what their specific animals are like. Common ground is hard to find. Effectively moving forward involves smart people addressing as much as they can in their domain, while collaborating amongst themselves to share vocabulary and discover any possible higher-level common threads to help tie things together. The articles following cover many ideas and perspectives for the “cyber-as-zoo” we find ourselves in. The way ahead, unsurprisingly, is to maintain our focus on models and pragmatic demonstrations of practical aspects of cyber, while maintaining a dialogue and collaboration across domains. Over time, that approach will build a cyber terrain much like the modern equivalent of zoos, without cages – larger spaces, effective partitions, shared interactions where reasonable, higher-level understanding of relationships between domains.
The first article from Dr. Jamie Acosta, et al., from the Army Research Laboratory Center for Cyber Analysis and Assessment and the University of Texas at El Paso delves into the many aspects of training in the cyber domain, and the steps they have taken collaboratively across many tools, participants and goals to provide effective workshops that train/test/analyze cyber professionals at different levels. Identified early in that article is a specific observation that real network traffic of interest is very, very difficult to come by in the training domain. Real-world cyber defenders (organizationally and personally) are very hesitant to reveal full details about their defenses, problems, or actions (specific configuration of tools, actual threats, network traffic, etc.) – and for perfectly good reason. Unlike describing kinetic and physical battles that have occurred (…flanking maneuver, or flanking manoeuvre is a movement of an armed force around a flank to achieve an advantageous position over an enemy…), a cyber event is valid and actionable far beyond the physical space/time in which it first occurs. The authors then provide insight into their approach to making a positive impact on cyber professionals by integrating multiple tools into an emulation/simulation environment. They give specific instances of training objectives, components, and results that show us a realistic path to building better cyber professionals.
The second article is a thought article about standardization of cyber professional qualifications. Dr. Christopher Seedyk from the U.S. Army Research Laboratory identifies a difficult problem to solve – how do you reconcile high-level, slow-moving standards at a policy level with fast-moving execution of cyber activities in an incredibly dynamic cyber-world in terms of qualification standards? Both ends of the spectrum are valid. Standards across large organizations are best formulated for long-term strategies across the workforce. Effective execution of cyber actions requires up-to-date skills and understanding to keep up with patches, malware, zer0-days, etc. Chris leverages a Department of the Navy (DoN) personnel qualification standard to hypothesize an approach to connecting the general to the specific with appropriate update epochs to provide a possible path toward realistic cybersecurity competency assessment that supports the Department.
Artificial Intelligence (AI) integration into cyber operations will continue to grow, resulting in a need to integrate human and artificial “professionals” into teams. The best expected future will be teams of assets that share information between them to develop and execute the best actions to fulfill a military objective. It would not be difficult to hypothesize a scenario unfolding where a human team member expresses significant emotional aspects to their thoughts and actions. To bring some of the basic ideas of AI into this scenario, in particular the components at the Artificial Neural Networks (ANN) level, into better focus across readers of different backgrounds and domains, we asked Erik Wemlinger, who is a Senior Data Scientist at Syracuse Research Corporation (SRC), to give some background and identify some of the knowledge management aspects of ANNs and intelligent emotion and sentiment analysis that could impact us in a future interaction environment that includes sharing ideas, knowledge, data, and decisions.
Moving from training and qualification, toward exercises and mission execution, Dr. David “Fuzzy” Wells and Derek Bryan from the United States Pacific Command (USPACOM) update progress on the Cyber Operational Architecture Training System (COATS), a long-term High-Level Task sponsored through the Defense Modeling and Simulation Coordination Office (DMSCO). Over the last four years, COATS has been a very pragmatic exercise enabler, combining historically difficult objectives of both the kinetic and physical and the cyber and logical domains. The authors identify with specificity the roadblocks they have encountered and addressed along the way, along with ideas and recommendations for what comes next.
In the final article for this journal, Giorgio Bertoli and Stephen Raio from the United States Army Communications-Electronics Research, Development and Engineering Center tackle pragmatic execution of cyber missions under the popularly cited context of “Key Cyber Terrain.” This article is the best representation of the “cyber-as-zoo” problem covered earlier. It is absolutely natural for any given domain expert to view cyber in terms and concepts derived from their vocabulary; domain-restricted models are part and parcel of how we as humans solve problems. It is also almost impossible to come to a collaborative cyber capability with that approach.