Training in a Cyber-active Environment Using C2-Simulation

SLIDE 1

Training in a Cyber-active Environment Using C2-Simulation Interoperation

Dr. Mark Pullen
George Mason University C4I & Cyber Center, USA

James Ruth
Trideum, Inc.

SLIDE 2

Overview

  • Introduction: Importance of cyber-active training
  • C2-Simulation Interoperation background
  • C2SIM server and cyber-effects editor
  • Categories of cyber-effects reproducible
  • Testing C2SIM-Cyber in CWIX
  • Conclusions

This paper was developed for ICCRTS 2018; it was also presented at SISO SIW in order to bring it to the attention of the military simulation community.

SLIDE 3

Importance of Training in Cyber-Active Environments

  • Two kinds of cybersecurity training:
      • Cyber specialists protecting from adversaries
      • Operational military who may have to function under cyber-active conditions
  • Second is subject of this paper and is critical
  • Forces must not be crippled by cyber activities or attack!
  • Concern is for cyber + electronic warfare (CEMA) because impact on operations can be similar
  • Actually compromising command and control (C2) systems is possible, but:
      • Very disruptive to training exercises
      • Expensive/time-consuming

SLIDE 4

Background: C2 – Simulation Interoperation (C2SIM)

SLIDE 5

C2SIM Vision

We are working toward a day when the members of a coalition interconnect their networks, command and control (C2) systems, and simulations simply by turning them on and authenticating, in a standards-based environment.

SLIDE 6

What Does C2SIM Enable

  • "Train as you fight"
  • Using operational C2 systems
  • Eliminating human between C2 and simulation systems saves $$$
  • Operational planning: COA analysis
  • Operational mission rehearsal
  • For Service, Joint and Coalition operations
  • France using to support acquisition

SLIDE 7

C2SIM players: NATO and SISO

NATO Modeling & Simulation Group depends on SISO for open industry-based standards

SISO depends on NATO Technical Activities to field and validate C2SIM technology

SLIDE 8

SISO C2SIM Standards

  • International, open standards
  • Initial versions
  • Military Scenario Definition Language (MSDL) supports initialization
  • Coalition BML (C-BML) provides for exchange of Tasking (orders and requests) and Reporting information
  • Unified Version 2 under development as C2SIM
  • Logical Data Model (LDM)
  • Initialization
  • TaskingReporting
  • Extendable to many domains

SLIDE 9

C2SIM Basic Architecture

[Figure: architecture diagram. Labels: Command and Control Systems; Simulation Systems; BML Messages (Orders, Reports, etc.); BML Web Services + Initialization and Synchronization; Real-time database]

SLIDE 10

C2SIM Example: MSG-085 Final Demonstration Architecture

SLIDE 11

C2SIM Server

  • Box in the middle of previous diagrams provides information sharing service for participating C2 and simulation systems
  • Publish/subscribe service
  • Also can provide logging/replay
  • And provide compatibility for multiple C2 data formats
  • GMU C4I & Cyber Center is a traditional developer of C2SIM servers
  • Latest is C2SIM Reference Implementation Server
  • Now showing how to use C2SIM server to impose CEMA effects and thus provide cyber-active training environment

SLIDE 12

C2SIM Cyber Effects in Operational Training: Expanded C2SIM Architecture

[Figure: expanded architecture diagram. Labels: Command and Control Systems; Simulation Systems; Real-time database; BML Messages (Orders, Reports, etc.); BML Web Services + Initialization and Synchronization; Cyber Effects Message Editor; Cyber Exercise Driver]

SLIDE 13

CEMA Effects Represented in Server

  • Electronic Warfare
      • block a specified fraction of messages for a specified duration
      • block a specified fraction of messages at random intervals, off and on times both uniformly distributed, with separate on and off mean specified
      • block every nth message for a specified n
      • block all messages from specific area (“blanket” jamming) for a specified duration

SLIDE 14

CEMA Effects Represented in Server

  • Cyber attacks
      • modify all reported locations by a specified (lat,lon) offset
      • modify report time by a specified (seconds, minutes) offset
      • block all messages from a specified simulated device
      • block all messages from a specified C2 system
  • Implementing actions on receipt of a C2 message
      • process the message normally
      • modify the message and then process it normally
      • drop the message
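
An added example (not from the presentation and not the C2SIM Reference Implementation Server's code) of the receive-time decision listed on slides 13 and 14: each incoming message is processed normally, modified and then processed, or dropped, according to the configured effects. The class and field names, the dict message shape, and the sample reports are assumptions made for illustration.

```python
import random
from dataclasses import dataclass, field

@dataclass
class Effects:
    """Hypothetical effect settings; field names are illustrative only."""
    block_fraction: float = 0.0      # EW: drop this fraction of messages
    block_every_nth: int = 0         # EW: drop every nth message (0 = off)
    blocked_senders: set = field(default_factory=set)  # device or C2 system ids
    loc_offset: tuple = (0.0, 0.0)   # cyber: (lat, lon) added to reported locations
    time_offset_s: int = 0           # cyber: seconds added to report time

class EffectsFilter:
    def __init__(self, effects, seed=None):
        self.fx = effects
        self.rng = random.Random(seed)   # seedable so an exercise can be replayed
        self.count = 0                   # counts every received message

    def on_message(self, msg):
        """Return ('drop', None), ('modify', new_msg) or ('process', msg)."""
        self.count += 1
        fx = self.fx
        if msg["sender"] in fx.blocked_senders:
            return "drop", None
        if fx.block_every_nth and self.count % fx.block_every_nth == 0:
            return "drop", None
        if self.rng.random() < fx.block_fraction:
            return "drop", None
        out = dict(msg)                  # never mutate the original message
        if "lat" in out and fx.loc_offset != (0.0, 0.0):
            out["lat"] += fx.loc_offset[0]
            out["lon"] += fx.loc_offset[1]
        if "time" in out and fx.time_offset_s:
            out["time"] += fx.time_offset_s
        return ("modify", out) if out != msg else ("process", msg)

def run_demo():
    # Constructed sample reports, flattened to dicts; sender ids are made up
    # from the scenario's unit labels and the coordinates are placeholders.
    senders = ["USA1", "NC1", "USA2", "USA1", "USAQRF", "USA2"]
    reports = [{"sender": s, "lat": 58.59, "lon": 16.18, "time": 1000 + i}
               for i, s in enumerate(senders)]
    f = EffectsFilter(Effects(block_every_nth=3, blocked_senders={"NC1"},
                              loc_offset=(0.01, -0.02), time_offset_s=60))
    return [f.on_message(m) for m in reports]

if __name__ == "__main__":
    for action, m in run_demo():
        print(action, m)
```

Keeping the dropped and modified messages in the server's log alongside the originals lets exercise staff compare what a unit reported with what the C2 system displayed.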

SLIDE 15

C2SIM-Cyber in CWIX 2018

NATO MSG-145 preliminary C2SIM tests (including imposed cyber effects)

  • The CWIX test is about information interoperability
  • Scenario: Asymmetric peacekeeping operation in Bogaland (terrain copied from southern Sweden)
  • Opposing Force:
      • five terrorist cells
      • modified commercial vehicles
      • weapons transport boat
  • Peacekeepers:
      • One infantry platoon
      • Helicopter Quick Reaction Force
      • Surveillance UAS
      • Attack UAS

SLIDE 16

CWIX 2018 MSG-145 C2SIM Scenario Locations

[Figure: scenario map. Labels:]

  • Small Boat Cell (SBC) Initial
  • Small Boat Cell (SBC) Dock
  • US Army QRF (USAQRF) Initial
  • Norrköping Cell 1 (NC1) Initial
  • US Army 1plt 1 sqd (USA1) Initial and observes SBC docking and USAQRF attack of SBC
  • US Army 1plt 2 sqd (USA2) Initial
  • Norrköping Cyber Cell (NCC) Initial
  • USAQRF engage SBC
  • USA1p2 s (USA2) engage
  • LC1 reinforces NC1
  • Distance markers: 12KM, 5KM, 5KM

SLIDE 17

CWIX 2018 C2SIM Configuration

  • One C2IS
      • Norway NORCCIS/SWAP
  • Three simulations:
      • Germany KORA air UAV attack; ground force
      • US VR-Forces
      • UK JSAF air UAV recon
  • Supporting:
      • US BMLC2GUI editor (receive, visualize and push XML)
      • US C2SIM Reference Implementation Server
  • Scenario assisted by US Naval Postgrad School
  • Asymmetric operation with UAVs

SLIDE 18

[Figure: configuration diagram. Labels: NORCCIS; KORA; VR-FORCES; SWAP; ORBAT; Tactical graphics; NFFI; C2SIM draft standard]

SLIDE 19

VR-Forces Commercial Military Simulation

SLIDE 20

Phases of C2SIM Testing CWIX 2018

  • Phase 0
      • Confirm infrastructure is working (network and collaboration)
      • If necessary substitute a fallback server, simulation or order source
  • Phase 1
      • Confirm that each client can interact with the server
      • C2IS, editor, and 3 simulations
  • Phase 2
      • Test the C2IS and each client sending C2SIM
      • C2IS sends orders; simulations send reports
  • Phase 3
      • Test first air simulations, then ground simulations, then together
      • Repeat with cyber emulation enabled

SLIDE 21

Testing Results

  • Phase 0 Confirm network connections: (Major change from testing plan: three of the four CFBLNet sites were not available)
      • However we had fallback copies of VRForces and C2SIM Server
      • And a recorded trace of JSAF UAS reports (Blue and Red)
      • So we were able to carry out most planned testing
  • Phase 1 Confirm server compatibility:
      • Success with all client-server connections except missing JSAF
  • Phase 2 Test C2SIM interoperation among all systems:
      • Success with NORCCIS sending orders to KORA and VR-Forces and receiving orders
      • Use recorded reports from JSAF to provide background traffic
  • Phase 3 All systems engaged simultaneously with cyber:
      • Successful with air, then ground; when testing ALL, found and fixed a bug
      • Cyber worked as expected

SLIDE 22

Conclusions

  • Operational training in cyber-active environment is in its infancy
  • Work reported here is the first to involve coalitions and standards
  • Results promising but we have much to learn
  • The approach could be extended considerably
      • Human in the cyber-effects loop
      • Use of orders to create effects in the simulations
      • Expanded scenarios
      • Other areas to be determined

SLIDE 23

MSG-145 Planning for CWIX 2019

  • CWIX 2018 testing has some limitations
      • Limited operational scope
      • Only one operational military C2IS
      • Simulations not interoperating on data side (only C2 side)
  • Planning for CWIX 2019
      • Increase scope of scenario and resulting C2 data flows
      • Have at least two operational military C2IS
      • Simulation data interoperating over DIS or HLA
  • Also planning to partner with other advanced C2 and simulation activities
      • Modeling & Simulation as a Service (MSaaS)
      • NATO Federated Mission Network planning (FMN)

SLIDE 24

QUESTIONS
