IT 2 EC 2020 Blending Cyber Effects into Live, Virtual and Constructive Simulation Cyber Training Blending Cyber Effects into Live, Virtual and Constructive Simulation Daniel J. Lacks, PhD 1 , Stephen Lopez-Couto 2 , Kevin Hofstra 3 1 Chief Scientist, Cole Engineering Services, Inc., Orlando, Florida, USA 2 Senior Program Manager, Cole Engineering Services, Inc., Orlando, Florida, USA 3 Chief Technology Officer, By Light Professional Services, Inc., Denver, CO, USA Abstract — US DoD Multi Domain Operations include cyber operations, yet the same integration of cyber and kinetic forces within military M&S training systems is limited. Problems exist not only representing and integrating cyber effects within current M&S systems, but also with training soldiers using computer models tuned for kinetic interactions. This work examines integrating cyber operations into LVC training operations by focusing on cyber terrain, modeling, and interoperability. We discuss the DIS Standard Information Operations Protocol Data Unit (IO PDU) and the Cyber Kinetic Effects Integrator (CKEI) approach. With the popularization of the Digital Twin concept, digitizing the cyber terrain representation as a realistic simulated battlefield offers a promising and efficient way to integrate capabilities for training and mission rehearsal. M&S tools import commercial software network topology formats to create Digital Twin network topologies. The OASIS TOSCA standard may be a foundation for a future M&S cyber terrain standard. 1 Background preponderance of the training audience operates at the tactical level (the L and V) . The US Army’s CEMA US DoD Multi Domain Operations (MDO) include cyber concept aims to fill the gap between tactical and operations, yet the same integration of cyber and kinetic operational cyber, so LVC based training approaches to forces within military Modeling and Simulation (M&S) satisfy these emerging operational concepts must be training systems is limited. Problems exist not only defined, and systems to provide the training must be representing and integrating cyber effects within current developed. M&S systems, but also with training soldiers using computer models tuned for kinetic interactions. There is a 1.1 A Definition of Cyber LVC lack of modelling non-kinetic interactions and their effects on kinetic actions and performance [1-12]. Cyber training Traditional kinetic training simulations are classified as a using virtualized “ranges” matured significantly in recent part of the Live, Virtual or Constructive domains based years, however they remain mostly segregated from the primarily on the equipment utilized, how the user interacts traditional M&S systems. with the simulation and how the world is represented. Cyber training is applicable in different types of LVC - Live Simulation: Utilizes operational equipment in a training scenarios where digital and network-centric physical location that is established for training. The warfare are utilized: terrain is the real world, with modifications to meet - Command Staff Training whose adversaries use specific training objectives. network-centric digital tactical communications, - Virtual Simulation: Utilizes a physical or virtual situational awareness, and planning equipment. simulator of a real system in a simulated virtual - Using, disseminating, or protecting data that could world. compromise your security or combat effectiveness. - Constructive Simulation: Utilizes a software model - Intelligence collection, fusion and analysis of physical equipment in a computer simulated - Tactical operations that rely on digital systems environment. - Maintaining digital or networked/networking equipment. The level of detail of the software models, realism of - Staff that operates with cyber defense and offense opposing forces and targets, and other system specific teams in a kinetic environment (CEMA). features can vary, but the terrain and physical interface - Engaging adversaries with digital or networked utilized by the training audience defines the domain. equipment. Cyber M&S systems should be classified similarly, to aid The goal of this research is to inspire the exercise event designers in the selection and utilization of tools for directors and scenario designers to take LVC training specific use cases. beyond basic cyber hygiene by including the impacts For cyber M&S, it is feasible to reduce the simulation between cyber warfare and kinetic and non-kinetic effects. domains to just two: Live and Constructive. Within the US DoD, offensive cyber operations and the - Live Cyber Simulations: Utilize actual OCO and predominance of defensive cyber operations are conducted DCO operational equipment (kit) in a virtual cyber at the core or higher echelons; they are not tactical level range environment. resources. In a kinetic LVC training event, the
IT 2 EC 2020 Cyber Training Blending Effects Cyber into Live, Virtual and Constructive Simulation - Constructive Cyber Simulations: Utilize cyber [14]. Systems engineers in the multitude of M&S configurable models of OCO, DCO, user emulation, projects need to define how the interactions between cyber traffic generation, etc. action simulators and kinetic and non-kinetic simulators impact each other as applicable to user requirements. Figure 2 discusses the interfaces utilized across the LVC domains in kinetic and cyber simulations. Fig. 2. Trainee interfaces to simulations across the LVC domains in kinetic and cyber simulations In the context of cyber simulations, it is feasible to merge the Live and Virtual domains. The purpose of virtual simulations in the kinetic space is to mitigate the Fig. 1. Effective cyber warfare training blends cyber actions need to utilize expensive, resource limited physical with kinetic and non-kinetic effects for all trainees . equipment and training ranges. Most operational cyber “equipment” is software, which can be replicated and 2.2 Cyber Kinetic Effects Integrator (CKEI) utilized directly for training. Similarly, a cyber range is a collection of virtual computers and networks, not a Academia explored LVC cyber-kinetic interoperability physical piece of land. This negates any advantage that a and demonstrated it starting in 2016. Carnegie Mellon virtual simulation provides over a live simulation in the University’s Software Engineering Institute developed cyber M&S domain. CKEI that prototyped interoperating the One Semi- There are two additional distinctions that further blur Automated Forces (OneSAF) simulation in a configuration the line between the Live and Virtual domains for cyber. called CyberSAF to link the live Simulation, Training, and A Live kinetic simulation typically operates on real world Exercise Platform (STEPfwd) cyber simulator and the terrain that has been modified to meet specific training constructive kinetic simulator. The successful prototype objectives (such as MOUT sites), along with simulated was also used for mission training by integrating STEPfwd weapons (and sometimes, targets). A Live cyber with the Virtual Battlespace 3 (VBS3) virtual gaming simulation does not typically utilize real world terrain (in simulator. CKEI allowed effects (like the triggering of an this case an operational network) since creating a duplicate alarm) to propagate across the two synthetic environments, representation in a virtual range environment offers a allowing cyber warriors and warfighters to better nearly identical experience to the trainee as the operational understand what their counterparts bring to the fight. The network in a much safer manner. This is not the case in CKEI interface identifies basic states of operations kinetic simulations where there is no true replacement for (operational, compromised, and disabled) so the the physical world. Further, while the use of simulated techniques of the live cyber operators are not targets and weapons is typical in kinetic Live simulations, communicated over LVC protocols. This provides a Live cyber simulations offer the ability to train using simple mechanism to transmit cyber effects over a Cross actual weapons (malware payloads) and target systems. Domain Solution (CDS) without having to expose sensitive information [15]. 2 Research The lesson learned from CKEI research is that complex cyber, kinetic, and non-kinetic missions can be combined with a simple interoperability approach using only three 2.1 Cyber Training mission elements in the data model: the system being Solutions applied to federating simulation and Command changed, the cyber state of the system, and the new value and Control (C2) systems using the North Atlantic Treaty of the change. For example, a webcam (the system) is Organization (NATO) Modeling and Simulation Group compromised (the state) and is turned off (the value). The (MSG)-170 highlight that cyber training is a combination exchange of those three data elements enables cyber of modeling impacts between cyber actions and their actions to bidirectionally impact kinetic and non-kinetic corresponding kinetic and non-kinetic effects (Fig. 1) [13]. warfare between simulators. Cyber actions are specific tactics and techniques cyber warriors use to conduct attacks, employ effects, and create 2.3 Distributed Interactive Simulation (DIS) countermeasures. Kinetic warfare is terminology used to Information Operations (IO) Protocol Data Units express lethal effects where as non-kinetic warfare (PDUs) expresses non-lethal or soft effects such as diplomacy and
Recommend
More recommend