|
|
 |
home > September 10, 2007 issue > article
Air Force develops a cyberspace arsenal
By Brian Robinson
Special to Defense Systems
Intelligent software agents known as cybercraft eventually could serve as the digital counterpart of aircraft carrying out missions
Defense Department officials readily acknowledge that they are gearing up for cyberwarfare, treating cyberspace as a battle domain along the same lines as land, sea, air and space. They already have years of experience defending their networks against attacks from forces overseas. But DOD officials now realize that a defensive posture is not enough: To gain dominance in cyberspace, they need the ability to take the fight to the enemy.
But with what? Just what type of weapons do you use in a cyberwar? A commander in the real world uses airplanes, guns and missiles, but how do you prosecute a mission in a world of bits, bytes and electrons?
Cybercraft could be the answer. A limited version of these cyber- vehicles was launched last year, and the Air Force thinks it could deploy operational cybercraft as soon as 2010.
A cybercraft is a collection of intelligent software agents that work together as a unit, analogous to the airframe, payload and pilot associated with physical aircraft, said Paul Phister, C4I Technologies Program Element Monitor in the Office of the Assistant Secretary of the Air Force for Science, Technology and Engineering.
Phister also is a technical adviser at the Air Force Research Laboratory’s (AFRL’s) Strategic Planning and Integration Division.
In the cybercraft, a software wrapper is the equivalent of the airframe, the payload is the cybercraft’s mission, and the pilot is the controller who ensures that the cybercraft goes where it is supposed to and does what it is supposed to.
“As with real platforms, the cybercraft can perform numerous types of operations” both offensive and defensive, he said.
In a 2005 paper in which Phister and his AFRL colleagues described the concept of cybercraft, they wrote that it could be launched from a network platform, would include embedded instructions, could be controlled from a remote location on the network and could self-destruct if someone were to recognize it.
The value of trust
The cybercraft would also operate in a stealth-like mode with a minimal footprint — if any — and like its real-world counterparts, it would be able to rendezvous and cooperate with other friendly cybercraft.
Also, cybercraft would be expected to perform at various levels, each with its own missions and objectives. As part of a long-term strategy, some might gather intelligence for months or even years, while others might conduct reconnaissance operations for tactical purposes.
Since early 2006, the Air Force has been conducting basic research in a number of areas, including self-protection guarantees.
Officials need to be able to tell if a cybercraft returning from an operation can still be trusted, said Kamall Jabbour, senior scientist for information assurance at AFRL’s Information Directorate. For example, it might have come into contact with systems infected with viruses or been taken over by intruders.
Researchers also explored the cybercraft’s environment, such as what the craft is seeing around it and how it actually projects a view of cyberspace, he said.
The analogy is, again, to the physical world. Before an aircraft and its pilot can successfully complete a mission, the pilot must know where to go, and to accomplish that, the pilot needs to recognize what is outside the cockpit — or, at least, the cockpit sensors need to know. With the cybercraft, the pilot is the controller sitting at a workstation. The cybercraft needs to know its environment not only because it’s supposed to act autonomously much of the time but also because the craft needs to be able to tell its pilot what’s going on and where it is in case any redirection is necessary.
Researchers are also starting to get a look at how cybercraft might actually perform in a real situation. Students attending AFRL’s Advanced Course in Engineering (ACE) Cyber Security Boot Camp last year built the first cybercraft, launching it on its maiden “flight” in August 2006.
This year’s ACE camp will take that further, with various groups of students building their own cybercraft to use in individual projects, said Jabbour, who is also ACE director.
The primary area of application for these early cybercraft is network defense and information assurance. That’s a natural focus, Phister said, because network defense is the most pressing problem in the cyber arena.
On a physical battlefield, warfighters often have minutes or even hours to mount a defense of military bases, he said, but in today’s world of cyberspace, that’s down to milliseconds at best before a virus or other attack penetrates the network.
“This is an excellent role for a defensive cybercraft,” Phister said. “It acts like an aircraft in the cyberdomain in that it ‘flies’ around, and when it detects a threat, it neutralizes it and then sends an alert to the network controller indicating the results. The key is being able to control the network at the edges.”
Fundamentally, the thrust of AFRL’s research is establishing how trustworthy cybercraft are and how trust can be embedded in them.
Phister’s paper recognized that, from the beginning, being able to trust that cybercraft were doing what they were supposed to do was “one of the more significant stumbling blocks” to using them in an operational environment.
“Our main focus is on how to describe that trust and then mathematically translate it to the [cybercraft] platform,” Jabbour said. “When we have that formal verification of trust, we’ll then see how the cybercraft can inherit payloads effectively.”
That’s important, he said, because cybercraft, like physical aircraft and their payloads, will be designed and manufactured by different entities, once standards and common parameters are developed that will allow any payload to be carried by all cybercraft.
Working towards 2010
Several Small Business Innovative Research (SBIR) contracts have already been awarded to private companies for work on cybercraft. They indicate that, at least in these early stages, cybercraft will depend on commercial developments.
One of those contractors is Solidcore Systems, which uses the principle of change management to provide information technology security solutions.
Most network security acts by erecting barriers to viruses and malware and actively operating against their actions. A change management approach defines a basic state for a system — in this case, the cybercraft — and then only allows changes to be made by recognized, trusted sources. If any unauthorized source such as a virus or enemy cybercraft tries to make changes, the system denies the attempt.
“The Air Force wanted to figure out how to lock down and then update a secure system,” said Bob Veritas, Solidcore’s vice president of marketing. “With our approach, if they want to change something, they can develop that [change] package, put a secure signature on it, go through the protection mechanism and then the system gets locked down again.”
These SBIR contracts helped develop several small pieces of what’s needed for cybercraft, Jabbour said. Meanwhile, awards scheduled for fiscal 2008, based on a recent broad agency announcement, will inject substantially more money into the program, and that will fund multiple six-month spiral developments over two years.
Every six months, the Air Force will hold workshops where researchers from the various communities of practice involved with cybercraft will share their results. Those workshops also will ensure that various standards are being developed in a coherent way.
The intent is that, by 2010, all of this work will lead to a launch of the first operational versions of cybercraft, Jabbour said.
One thing that won’t be comparable between the physical and cyber arenas is the expertise required by the pilots.
In the real world, beyond flight training, pilots are educated in broad technology terms, Jabbour said. Cybercraft flight officers, on the other hand, will need more specific education because not only do they operate the cybercraft but also likely will be involved in designing them and building their payloads.
|
|
|
|
![1105 Media [justice]](/images/ds1_pntmlogo.gif "1105 Media [justice]"){kind=small}
