Missions are under constant threat of cyber-attacks that can cause the denial of critical services and the loss of data confidentiality. The application of proactive cyber defenses can help prevent these attacks, but may also endanger the mission by exhausting system resources when the defenses are not optimally implemented. The potential for cyber friendly-fire increases when adding moving-target defenses (MTDs) to the defensive posture of the mission system. The Command and Control of Proactive Defense (C2PD) program provides a capability to balance cyber security with mission assurance by generating the optimal defensive posture for a cyber security administrator (CSA) to deploy based on metrics of the mission system’s attack surface, mission requirements, and the combination of proactive cyber defenses.
Introduction
In today’s cyber environment, attackers have an asymmetrical advantage over cyber defenders. This advantage comes from the idea that perfect security does not exist without hindering the system’s usability. Cyber defenders must lock down every entry point and attempt to account for undiscovered vulnerabilities, while an adversary must only find one way to breach the attack surface, which is the attacker’s view of a system. With current defense deployment, an adversary sitting on a host or network has virtually unlimited time to perform reconnaissance and plan attacks. The adversary’s unequivocal advantage makes the cyber defender’s task of deploying and configuring defenses quite challenging.
A CSA ideally wants their system to appear to be nondeterministic to an attacker, however this conflicts with static defense approaches. The new defense classification of MTDs changes the attack surface over time, which makes the system less predictable. MTDs create command and control (C2) challenges for a CSA. The deployment of any cyber defense consumes resources needed for mission execution. A CSA must maintain mission assurance while providing cyber security. Although a CSA is concerned with system security, they are equally as concerned about mission assurance, which is dependent on a predictable system. A CSA must balance system security with system resource consumption, mission execution, and defense interoperability. This information overload makes it difficult for a CSA to make an intuitive decision about deploying available cyber defenses.
Command and Control of Proactive Defense (C2PD) is an Air Force Research Laboratory program to provide a decision-support capability for automated deployment of MTDs and other proactive defenses. C2PD determines the optimal defense configuration based on metrics of attack surface, defense characterization, and mission requirements. It generates metrics for different defensive postures and determines the optimal configuration to present to a CSA, which is automatically deployed to the system via an integrated C2 framework upon selection. Figure 1. C2PD Process Flow Chart shows the inputs and process for C2PD’s defense determination.
The objective of this research is to produce an automated procedure for producing defensive configurations that allows a CSA to maximize non-deterministic system appearance from the perspective of an attacker while maintaining deterministic system behavior for mission assurance. A product of this research is the ability to show that this automated process of generating and implementing a defensive posture significantly increases the difficulty of any attack against a mission system compared to a manual version of this process. Additionally, the speed of the automated course of action (COA) generation outperforms an intuitively designed manual configuration. Most importantly, the resulting defensive posture provides both mission and information assurance through the provision of a deterministic quality of service while using MTDs. The remainder of the paper is organized as follows. Section 2 provides background on MTD research. Section 3 defines the attack surface and security metrics relating to overall system security and resource consumption. Section 4 details the generation of defense configurations. Section 5 describes how a modular framework unifies communications across a system and deploys cyber defenses. This paper does not discuss mission characterization; however, it is required to generate defense configurations and prevent cyber friendly fire.