Training in a Cyber-active Environment Using C2-Simulation Interoperation
Dr. Mark Pullen, George Mason University C4I & Cyber Center, USA
James Ruth, Trideum, Inc.
Overview
• Introduction: Importance of cyber-active training
• C2-Simulation Interoperation background
• C2SIM server and cyber-effects editor
• Categories of cyber-effects reproducible
• Testing C2SIM-Cyber in CWIX
• Conclusions
This paper was developed for ICCRTS 2018; it was also presented at SISO SIW in order to bring it to the attention of the military simulation community.
Importance of Training in Cyber-Active Environments
• Two kinds of cybersecurity training:
  • Cyber specialists protecting from adversaries
  • Operational military who may have to function under cyber-active conditions
• Second is subject of this paper and is critical
• Forces must not be crippled by cyber activities or attack!
• Concern is for cyber + electronic warfare (CEMA) because impact on operations can be similar
• Actually compromising command and control (C2) systems is possible, but:
  • Very disruptive to training exercises
  • Expensive/time-consuming
Background: C2 – Simulation Interoperation (C2SIM)
C2SIM Vision
We are working toward a day when the members of a coalition interconnect their networks, command and control (C2) systems, and simulations simply by turning them on and authenticating, in a standards-based environment.
What Does C2SIM Enable
• "Train as you fight"
• Using operational C2 systems
• Eliminating human between C2 and simulation systems saves $$$
• Operational planning: COA analysis
• Operational mission rehearsal
• For Service, Joint and Coalition operations
• France using to support acquisition
C2SIM players: NATO and SISO
• NATO Modeling & Simulation Group depends on SISO for open industry-based standards
• SISO depends on NATO Technical Activities to field and validate C2SIM technology
SISO C2SIM Standards
• International, open standards
• Initial versions
  • Military Scenario Definition Language (MSDL) supports initialization
  • Coalition BML (C-BML) provides for exchange of Tasking (orders and requests) and Reporting information
• Unified Version 2 under development as C2SIM
  • Logical Data Model (LDM)
  • Initialization
  • TaskingReporting
  • Extendable to many domains
C2SIM Basic Architecture
[Diagram labels: Command and Control Systems; Simulation Systems; BML Messages (Orders, Reports, etc.); BML Web Services + Initialization and Synchronization; Real-time database]
C2SIM Example: MSG-085 Final Demonstration Architecture
C2SIM Server
• Box in the middle of previous diagrams provides information sharing service for participating C2 and simulation systems
• Publish/subscribe service
• Also can provide logging/replay
• And provide compatibility for multiple C2 data formats
• GMU C4I & Cyber Center is a traditional developer of C2SIM servers
• Latest is C2SIM Reference Implementation Server
• Now showing how to use C2SIM server to impose CEMA effects and thus provide cyber-active training environment
C2SIM Cyber Effects in Operational Training
Expanded C2SIM Architecture
[Diagram labels: Command and Control Systems; Simulation Systems; BML Messages (Orders, Reports, etc.); BML Web Services + Initialization and Synchronization; Cyber Effects Message Editor; Cyber Exercise Driver; real-time database]
CEMA Effects Represented in Server
• Electronic Warfare
  • block a specified fraction of messages for a specified duration
  • block a specified fraction of messages at random intervals, off and on times both uniformly distributed, with separate on and off mean specified
  • block every nth message for a specified n
  • block all messages from specific area (“blanket” jamming) for a specified duration
CEMA Effects Represented in Server
• Cyber attacks
  • modify all reported locations by a specified (lat,lon) offset
  • modify report time by a specified (seconds, minutes) offset
  • block all messages from a specified simulated device
  • block all messages from a specified C2 system
• Implementing actions on receipt of a C2 message
  • process the message normally
  • modify the message and then process it normally
  • drop the message
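An added sketch (not from the slides and not the C2SIM Reference Implementation Server's code) of the decision described above: each received report is passed, modified and then passed, or dropped. `Report`, `EffectsEditor`, `run` and the sample values are assumptions made for illustration, and only a subset of the listed effects is covered.

```python
import random
from dataclasses import dataclass, field, replace
from typing import Optional

@dataclass(frozen=True)
class Report:                        # constructed stand-in for a position report
    sender: str                      # C2 system or simulated device name
    lat: float
    lon: float
    time_s: float                    # report time in seconds

@dataclass
class EffectsEditor:
    """Hypothetical effect rules; apply() returns None for a dropped message."""
    every_nth: int = 0               # drop every nth message (0 = off)
    block_fraction: float = 0.0      # fraction dropped while blocking is active
    block_until_s: float = 0.0       # exercise time at which that blocking ends
    blocked_senders: set = field(default_factory=set)
    loc_offset: tuple = (0.0, 0.0)   # (lat, lon) added to every reported location
    time_offset_s: float = 0.0       # added to every report time
    seed: int = 1
    seen: int = 0

    def __post_init__(self):
        self.rng = random.Random(self.seed)   # seeded so a run can be repeated

    def apply(self, msg: Report, now_s: float) -> Optional[Report]:
        self.seen += 1
        if msg.sender in self.blocked_senders:
            return None                                       # drop: blocked source
        if self.every_nth and self.seen % self.every_nth == 0:
            return None                                       # drop: every nth
        if now_s < self.block_until_s and self.rng.random() < self.block_fraction:
            return None                                       # drop: fraction for a duration
        # Modify then process; with zero offsets the report passes unchanged.
        return replace(msg,
                       lat=msg.lat + self.loc_offset[0],
                       lon=msg.lon + self.loc_offset[1],
                       time_s=msg.time_s + self.time_offset_s)

def run(editor: EffectsEditor, reports, now_s: float = 0.0):
    """Feed reports through the editor; return what subscribers would receive."""
    return [out for r in reports if (out := editor.apply(r, now_s)) is not None]

if __name__ == "__main__":
    sample = [Report("UAS-1", 58.5, 16.0, float(i)) for i in range(6)]  # constructed
    for r in run(EffectsEditor(every_nth=3, loc_offset=(0.5, -0.25)), sample):
        print(r)
```

Checks belong on the subscriber side: trainees and exercise control can compare the delivered stream against the logged originals to confirm which effect was active.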
C2SIM-Cyber in CWIX 2018 NATO MSG-145 preliminary C2SIM tests (including imposed cyber effects)
The CWIX test is about information interoperability
• Scenario: Asymmetric peacekeeping operation in Bogaland (terrain copied from southern Sweden)
• Opposing Force:
  • five terrorist cells
  • modified commercial vehicles
  • weapons transport boat
• Peacekeepers:
  • One infantry platoon
  • Helicopter Quick Reaction Force
  • Surveillance UAS
  • Attack UAS
CWIX 2018 MSG-145 C2SIM Scenario Locations
[Map labels: Norrköping Cell 1 (NC1); Norrköping Cyber Cell (NCC); Small Boat Cell (SBC) initial position and dock; US Army 1plt 1 sqd (USA1); US Army 1plt 2 sqd (USA2); US Army QRF (USAQRF); LC1; distance markers 5KM and 12KM]
CWIX 2018 C2SIM Configuration
• One C2IS
  • Norway NORCCIS/SWAP
• Three simulations:
  • Germany KORA air UAV attack; ground force
  • US VR-Forces
  • UK JSAF air UAV recon
• Supporting:
  • US BMLC2GUI editor (receive, visualize and push XML)
  • US C2SIM Reference Implementation Server
• Scenario assisted by US Naval Postgrad School
  • Asymmetric operation with UAVs
[Figure labels: NORCCIS; KORA; ORBAT; NFFI; Tactical graphics; C2SIM draft standard; SWAP; VR-FORCES]
VR-Forces Commercial Military Simulation
Phases of C2SIM Testing CWIX 2018
• Phase 0
  • Confirm infrastructure is working (network and collaboration)
  • If necessary substitute a fallback server, simulation or order source
• Phase 1
  • Confirm that each client can interact with the server
  • C2IS, editor, and 3 simulations
• Phase 2
  • Test the C2IS and each client sending C2SIM
  • C2IS sends orders; simulations send reports
• Phase 3
  • Test first air simulations, then ground simulations, then together
  • Repeat with cyber emulation enabled
Testing Results
• Phase 0 Confirm network connections: (Major change from testing plan: three of the four CFBLNet sites were not available)
  • However we had fallback copies of VR-Forces and C2SIM Server
  • And a recorded trace of JSAF UAS reports (Blue and Red)
  • So we were able to carry out most planned testing
• Phase 1 Confirm server compatibility:
  • Success with all client-server connections except missing JSAF
• Phase 2 Test C2SIM interoperation among all systems:
  • Success with NORCCIS sending orders to KORA and VR-Forces and receiving orders
  • Use recorded reports from JSAF to provide background traffic
• Phase 3 All systems engaged simultaneously with cyber:
  • Successful with air, then ground; when testing ALL, found and fixed a bug
  • Cyber worked as expected
Conclusions
• Operational training in cyber-active environment is in its infancy
• Work reported here is the first to involve coalitions and standards
• Results promising but we have much to learn
• The approach could be extended considerably
  • Human in the cyber-effects loop
  • Use of orders to create effects in the simulations
  • Expanded scenarios
  • Other areas to be determined
MSG-145 Planning for CWIX 2019
• CWIX 2018 testing has some limitations
  • Limited operational scope
  • Only one operational military C2IS
  • Simulations not interoperating on data side (only C2 side)
• Planning for CWIX 2019
  • Increase scope of scenario and resulting C2 data flows
  • Have at least two operational military C2IS
  • Simulation data interoperating over DIS or HLA
• Also planning to partner with other advanced C2 and simulation activities
  • Modeling & Simulation as a Service (MSaaS)
  • NATO Federated Mission Network planning (FMN)
QUESTIONS