Abstract: For military networks and systems, the cyber domain is an ever-increasingly contested and congested space. Defenders of these systems must fight through adversary action in complex tactical and strategic environments. Just now completing its third year, the Cyber-Security Collaborative Research Alliance has sought to develop approaches for understanding and countering adversaries. The goal of this work is to develop a new science of cyber-decision making in military networks and systems. In this article we introduce the conceptual framework for this new science and consider its core research elements of detection (situational awareness), risk (measurement and assessment), and agility (adapting systems to evolving threats); overlaying this is the human dimension of users, defenders and attackers. We conclude by articulating a vision for future military cyber-operations.
Cyber systems have changed the nature of warfare and the military. Real-time intelligence, autonomous and semi-autonomous systems, and improved command and control provide strategic advantages that save lives and make operations more effective, efficient and economical. Such systems are now essential to strategic networks supporting day-to-day military operations and tactical networks operating in hostile environments. The ever-increasing reliance on cyber and cyber-physical systems to conduct the Army’s mission has in turn led to an increasing number and sophistication of attacks on military cyber networks. Future Army networks will be a heterogeneous, converged mix of wired networks, mobile cellular networks and mobile ad hoc networks. Nodes will consist of a variety of sensing, computing, actuating and communicating devices with diverse capabilities, and will be relatively disadvantaged. They may be embedded in backpacks, clothing, vehicles, weapon systems, munitions, etc. Links on such networks will also be diverse, drawing upon multiple communication modalities. Soldiers and their assets will operate in a dynamic, contested and congested environment, and must cope with advanced persistent threats. Army cyber security is further complicated, as it must often use and defend networks that it neither owns nor controls directly (e.g. mobile, fixed, and SCADA networks). The Army must often construct mission networks rapidly, with a variety of partners and allies. Thus Army networks face numerous challenges, including a large attack surface, relatively disadvantaged assets, large scale, high dynamics, and advanced persistent threats (APT).
The military (and the entire computing world) have yet to develop the basic principles of how one identifies, understands, and counters adversaries in the digital domain. Indeed, providing such principles and the operational procedures to support them represents one of the grand challenges for military systems moving into the future.
The Cyber Security Collaborative Research Alliance (CRA) is one aspect of the ARL Enterprise approach to Cyber Security for future Army networks. The overall objective of the CRA is to develop a fundamental understanding of cyber phenomena, including aspects of human attackers, cyber defenders, and end users, so that fundamental laws, theories, and theoretically grounded and empirically validated models can be applied to a broad range of Army domains, applications, and environments. Entering its 4th year, the goal of the “Models for Enabling Continuous Reconfigurability of Secure Missions (MACRO)” Cyber CRA program is to understand and model the risks, human behaviors, and maneuvers within Army cyber-operations. More practically, the goal of the Cyber CRA is to provide models for making decisions that “optimally” support the mission-oriented goals. Such models will enable defenders to detect and thwart attacks as well as allow operations to progress in the face of ongoing and evolving threats, e.g., “fighting through” in contested and congested digital domains. From a pure research perspective, the overarching scientific goal of this effort is to develop a rigorous science of cyber-decision making that enables military networks to (a) detect the risks and attacks present in the environment, (b) understand and predict the motivations and actions of users, defenders, and attackers, and (c) alter the environment to securely achieve maximal operation success rates at the lowest resource cost.
The Cyber CRA consortium is led by Penn State University, with Applied Communication Sciences Inc. (ACS), Carnegie Mellon University, Indiana University, the University of California Davis and the University of California Riverside as consortium members. The Alliance is a collaborative partnership between the consortium, the Army Research Laboratory (ARL) and the Communications-Electronics Research, Development and Engineering Center (CERDEC).