The cyber environment grows and changes rapidly. The Army’s requirements, acquisition, and research and development cyber community collaborate consistently to keep pace with new and evolving threats.

Army cyber research, development adapts as tactical network grows

In less than a decade, Army connectivity of enterprise and tactical systems and devices has increased exponentially, thus necessitating the Army’s research, development and engineering community to protect connected networks and devices so Soldiers can complete their missions.

The U.S. Army Materiel Command’s Communications-Electronics Research, Development and Engineering Center, or CERDEC, provides the Army with expertise in cyber and electromagnetic activities, or CEMA. This expertise in defensive and offensive cyber operations and the Department of Defense Information Network, or DODIN, enables state-of-the-art cyber defense and cyber resilience for tactical networks down to the tactical edge by ensuring the trustworthiness of networks and systems.

“CERDEC’s three goals are to ensure Soldiers are able to Command the Operation, Dominate the Electromagnetic Spectrum, and can Enable and Create Decisive Effects,” said CERDEC Director Henry Muller. “In CEMA, we apply these goals by providing Soldiers with agile operations and dynamic systems and architectures that increase their awareness and understanding of a situation, and allow them to make informed decisions based on the information they have.”

CERDEC develops and transitions CEMA and cyber defense situational understanding capabilities that better enable Corps-and-below staff to detect, react and respond while the adversary attempts to destroy, disrupt, degrade, deny, deceive, or exploit information technology assets that support the Mission Command System.

Strategic partnerships across the Defense Department, other government agencies, industry and academia enable CERDEC to work from a big-picture view of the Army’s cyber challenges all the way down to specific systems and devices.

One aspect of cyber defense for mission success includes ensuring devices can send and receive encrypted information.

Send, Receive, Verify
CERDEC’s Reprogrammable System on Chip Universal Encryptor, or RESCUE, is a National Security Administration-certified common cryptographic core. RESCUE provides a framework that can be used or embedded in communications devices such as radios, satellites and computers as well as unmanned air and ground systems that use or transmit encrypted information.

“The RESCUE capability affords all government agencies or services that require encryption capabilities for modernization or development of new systems the ability to have a reusable, flexible, highly configurable and government owned solution for national security systems,” said Alpesh Patel, CERDEC Space and Terrestrial Communications Directorate, or S&TCD, CSIA Tactical Networks Protection Branch acting chief. “RESCUE will provide better life cycle management of fielded systems.”

CERDEC, in collaboration with Program Executive Office Command, Control, Communications-Tactical, is modernizing the Army’s Simple Key Loader, or SKL, by embedding the RESCUE capability.
SKL is a hand-held device used to receive, store and transmit data securely and has been part of the Army’s inventory since 2005.

“The significance of this embedment of RESCUE into updating the SKL provides an example of how the Army is addressing legacy systems obsolescence, future proofing against new cyber threats, and having a reprogrammable fill device that is key management infrastructure aware, product delivery enclave enabled, and is advance cryptographic capability compliant,” said Garry Moore, assistant product manager for the Tier 3 Fill Device under PEO C3T’s Project Lead Network Enablers.
Cryptographic engine cores like RESCUE securely process sender authentication, confidentiality, integrity and non-repudiation of messages through the use of Public Key Infrastructure, or PKI, certificates.

“The authentication proves you are who you say you are. Non-repudiation is when you digitally sign a document, we can prove you signed it, and data integrity ensures it hasn’t been modified in transit or tampered with. Confidentiality creates an encrypted session between the user and the browser,” said Bob Fedorchak, CERDEC S&TCD tactical public key infrastructure technical lead.

While systems can use RESCUE to process digital information, monitoring the PKI certificates used for authentication of these devices and web services is another added layer to the Army’s cyber challenge.

To address the monitoring of device and system certificates, CERDEC developed PKI for the Tactical Environment, or PKITE, which is a certificate and audit service tool that automatically monitors the expiration date of device and service certificates on the network and organizes that data into a dashboard.

“Monitoring device certificates is important because if a certificate expires, the webserver or the device that is using it will fail. You can no longer access the server or the function that is using the PKI piece,” Fedorchak said.

PKITE alerts the Soldier monitoring certificates that the certificate will expire in a prescribed number of days, so he or she has enough time to obtain new certificates to prevent a system or device failure.

Converged CEMA Systems
CERDEC’s strategy to address the complex cyber mission also includes adapting to a rapidly changing cyber environment to ensure Soldiers can meet and overmatch regional peers in CEMA situations.

In less than a decade, the boundaries between traditional cyber threats, such as someone hacking a laptop through the Internet, and traditional electronic warfare threats, such as radio-controlled improvised explosive devices that use the electromagnetic spectrum, have blurred. This presents new challenges and opportunities for deployed tactical assets and networks, according to Giorgio Bertoli, CERDEC I2WD acting chief scientist and senior scientific technology manager of offensive cyber technologies.

This convergence of systems led CERDEC not to solely focus its science and technology efforts on researching solutions to address specific cyber and EW threats but to develop an architecture onto which scientists and engineers can rapidly develop and integrate new, more capable solutions.

“Currently, within cyber and EW disciplines there are different supporting force structures and users equipped with disparate tools, capabilities and frameworks,” said Paul Robb Jr., chief of CERDEC Intelligence and Information Warfare Directorate’s Cyber Technology branch.

Historically, this construct has prevented the Army from being as agile as the current hybrid threat, which seamlessly moves across wired and wireless networks, said Mark Farwell, Cyber Intelligence, Surveillance and Reconnaissance Team lead with CERDEC I2WD’s Cyber Technology Branch.
CERDEC I2WD’s Integrated Cyber and Electronic Warfare, or ICE, program continues to define next-generation protocols and system architectures to help develop technology capabilities to combat CEMA threats in an integrated and expedited fashion.

“The threat necessitated that we establish an interoperability specification to assist in sharing CEMA capability awareness and coordination between these currently disparate cyber, EW and SIGINT management frameworks. By doing so, we have taken the first steps in realizing the concepts being adopted by the CEMA cell, significantly easing the coordination and synchronization burden on mission operators,” Farwell said.

CERDEC I2WD’s current effort takes this concept one step further.

“ICE focused on assisting the operators in coordinate effects. The Army Techniques and Tactical Architecture for Converged CEMA, or ATTACC, aims to fulfill the desire for cyber support at the Corp and below,” Farwell said. “With ATTACC we outline the technical requirements at both the platform and network level to actually support and be able to conduct cyber operations at the tactical edge. Such a solution also needs to be extensible, to be applicable to legacy platforms and future open architecture concepts.”

Streamlining capability efforts supports the development of CEMA tools, systems and networks for the Soldier; however, it does not account for the management of the data the Soldier now has access to in the field.

“During the past year, the Army has emphasized Cyber and CEMA situational understanding rather than only situational awareness,” Muller said. “We used to look at ‘what do we know;’ now, it’s ‘now that we know, how will the mission be effected and what are we going to do about it?’”

To account for the increasing amount of data available to the Soldier, CERDEC is working on a strategy and development effort for situational understanding capabilities.

The CEMA Situational Awareness Tactical Analytic Framework, or C-STAF, looks to better enable the Soldier to detect, react and respond despite attempts to destroy, disrupt, degrade, deny, deceive, or exploit information technology assets that support the Mission Command System. C-STAF brings together data types across complex technology domains to answer situational understanding questions for the commander’s staff.

“We are putting more and more sensors on the networks, and the more sensors on the network the more information that can be created. More information creates a situational awareness picture, but too much information at some point is going to be a detriment to the Warfighter,” said Jonathan Santos, S&TCD Information Security Branch chief.

The C-STAF initiative looks to identify essential data and develop analytics, analytics architecture, views and modeling and simulation capabilities for the expeditionary Army’s physically-constrained operational environment.

“The Warfighter’s job is so hard to start with when it comes to having just to survive and be away from home and the stresses we don’t have here. Now you’re asking them to take a very technically complex network architecture and sets of diverse radios and systems and try to protect and operate it,” Santos said.

To show just how complex and important network architecture is to the Soldier, consider the impact an attack or a network or device error may have on a mission. Army scientists and engineers must ensure infrastructure resiliency so Soldiers can complete missions even if an adversary infiltrates the network.

Cyber Blitz
CERDEC’s Cyber Blitz initiative is a series of Army events that look at staff processes and operations concepts to inform research and development. Additionally, Cyber Blitz focuses on future acquisition and materiel development for cyber and electronic warfare initiatives.

“Cyber is a relatively new or emerging area,” said John Willison, CERDEC S&TCD director. “To have confidence in the S&T investments we are making requires exercises like Cyber Blitz where we throw different problems, scenarios and challenges at users and watch them react. What data would they like to have to make a decisions? What data would they like to share with other people to inform decisions?”

CERDEC hosted Soldiers from the 25th Infantry Division in Hawaii and the 7th Signal Command Cyber Protection Brigade from Fort Gordon, Georgia for two weeks in May for civilian scientists and engineers to gain a better understanding of how Soldiers have to operate in a tactical environment.

Soldiers from the 25th Infantry Division out of Hawaii and from TRADOC Centers of Excellence participated in the U.S. Army’s Cyber Blitz April 2016 at Joint Base McGuire-Dix-Lakehurst, N.J. Cyber Blitz provides the Army a venue to observe and assess cyber and electromagnetic activity-related interactions in a Tactical Command Post.

Cyber Blitz events will help inform future Army requirements and doctrine regarding how a tactical operations center can better support the forward brigade through the use of CEMA situational awareness and understanding.

Additionally, Cyber Blitz will help CERDEC better identify the types of technologies, systems and integration capabilities Soldiers need and will actually use.

“One of the primary reasons we did Cyber Blitz was to inform the science and technology investments we are making in C-STAF,” Willison said.

As cyber is a new and large domain, inventing new ways to address specific problems does not serve the Army or the Soldier well when it comes to providing systems and tools that can protect and monitor the network. Rather, CERDEC leverages existing strengths and partnerships to get usable tools to the right Soldiers.

“CEMA domain advancements are often not due to novel technologies, but rather new applications of existing technologies. At CERDEC, we look to leverage the best of breed technology as part of an integrated capability set and anticipate and mitigate known operational gaps and challenges through novel applications of technologies,” Muller said.

___
The U.S. Army Communications-Electronics Research, Development and Engineering Center is part of the U.S. Army Research, Development and Engineering Command, which has the mission to provide innovative research, development and engineering to produce capabilities that provide decisive overmatch to the Army against the complexities of the current and future operating environments in support of the Joint warfighter and the nation. RDECOM is a major subordinate command of the U.S. Army Materiel Command.