All this research yields results, many of which transitioned to practice as tools and systems. For example, Interrogator is an ARL-developed suite of network monitoring, intrusion detection and intrusion analysis tools. Used at ARL, as well as at a number of other organizations, its architecture is optimized for government cyber security operations, for defense against sophisticated threats, and for rapid insertion of research tools as plug-ins. Another example, Interrogator-in-a-Box, was developed for defense of mobile tactical networks. In addition, DShell is a framework for forensic analysis, popular with users at government agencies. ARL researchers attracted multiple, valuable international collaborators – and a good number of comments on social media – when they developed an open-source version of DShell and placed it on GitHub (see GitHub.com/USArmyResearchLab). Other examples of practical tools developed at ARL include COBWebS, a simulation tool that incorporates cyber warfare elements into training exercises, and a decision support tool for cybersecurity assessments, which helps perform assessments using public knowledge sources and custom data.
Looking further out, our long-term campaign of cyber research is guided by the vision of the future Army battlefield. In the year 2040, it will be a highly converged virtual-physical space, where cyber operations will be an integral part of the fight (Kott et al 2015). Cyber fires are the activities that will degrade, disrupt, deny, deceive and destroy not only informational, computational and communication resources of the adversary, but also the physical capabilities of its platforms, weapons, robots, munitions, and even of personnel. Cyber maneuver refers to activities that will rapidly move and transform the friendly informational-computational resources to deny the adversary an opportunity to attack, while imposing on him a new unsolvable problem (Fig. 2). Cyber fires and maneuver will rely on effective cyber intelligence collection capabilities.
Operating on multiple time scales, often far faster than human cognitive processes, in a highly dynamic, non-contiguous battlefield, these fires and maneuvers will join the conventional, kinetic fires and movements. Future cyber capabilities will have to support continuous (real-time, not just deliberate) planning and execution of highly agile, daring, aggressive cyber fires and maneuvers. This will be performed in a way that is necessarily highly automated and reliant on machine intelligence, and yet responsive to human intent and guidance.
For these reasons, our cyber research efforts will increasingly focus on developing the models, methods, and understanding to overcome existing barriers to the realization of effective cyber fires and maneuvers in a tactical environment. The goals of this work are to pursue near-autonomous detection and identification of malicious activity directed at friendly networks; methods to rapidly respond to adversarial activities; predictive characterization of network vulnerabilities; and a robust framework to assess networks. Moreover, our research program will focus on the realization of methodologies for the reliable reconfiguration of friendly cyber assets to evade or recover from attack; covert means for collection and predictive analysis of enemy actions; and methodologies to degrade or destroy adversarial cyber assets with high certainty and predictable probabilities of kill. The articles assembled in this special issue reflect some of the steps ARL is taking towards this ambitious vision.
Fig. 2 ARL cyber research is increasingly focused on cyber fires and maneuvers in tactical environments
ACKNOWLEDGEMENTS: Iris Saunders helped prepare the manuscript, Jerry Clarke built the presentation that served as the outline of this introduction, and Latasha Solomon orchestrated the development of all articles for this issue.