While cyber operations have become an increasingly effective weapon to undermine the capability of net-centric systems, including those deployed in Theater Undersea Warfare (USW), cybersecurity has not traditionally been a part of Theater USW mission planning, execution, or post-mission analysis. The environments in which undersea platforms operate make them more susceptible to cyber-attacks while simultaneously making it more difficult to detect such attacks. There exists an urgent need to assess system-of-systems vulnerabilities of networked USW platforms and mitigate the impact of cyber-attacks from multiple, diverse, and coordinated sources. We propose the Intelligent Cyber Threat Operational Planner for Under Sea (iCTOPUS), a system which will integrate a high fidelity emulated network that incorporates environmental factors simulated cyberspace attacks and defenses modeling of the impact of environmental conditions on message transmissions live data feeds logging and measurement into a fully instrumented synthetic cybersecurity assessment system for Theater USW mission planning, execution and post-mission analysis. iCTOPUS will support mission planning by simulating scenarios which incorporate in-situ environmental data, live platform positions, and actual intelligence and data from networked sensors. The faster than real-time simulations can be used to compare and evaluate multiple Courses of Action (COAs) with varying routes and search areas in light of evolving meteorological and oceanographic data, spectrum management, network performance, connectivity, and susceptibility to cyber-attacks. iCTOPUS will support mission execution by running on the Consolidated Afloat Networks and Enterprise Services (CANES) and integrating with Undersea Warfare Decision Support System (USW-DSS) for the Sea Combat Commander and Theater USW Commander (TUSWC). In this mode, it will ingest live data feeds and support real-time assessments by human operators of ongoing operations in the theater. iCTOPUS will support post-mission analysis by incorporating potential cyber activities into the current post-mission analysis construct to analyze and enhance communications and network-related resilience for future operation. In this mode, it will run at least 4X faster than real-time. iCTOPUS will use high fidelity models to create a digital twin to represent the entire network, the various protocol layers, including the application and physical layers, and devices. The digital twin will accurately model the communication pathways and the effect of environmental factors on the communication between geographically distributed sensors and platforms. iCTOPUS will provide a zero-risk, realistic environment in which the impacts of a diverse set of cyber-attacks can be assessed without compromising the real system, and will also reduce efforts to provide Objective Quality Evidence (OQE) for theater cybersecurity resiliency in operational environments.
Benefit: Although net-centric systems are becoming increasingly susceptible to cyber-attacks, there are currently no tools to assess cyber resiliency of tactical networks which are suitable for the environments in which these networks operate. Tactical network performance is affected by environmental factors, and this in turn affects network resilience to cyber-attacks. The Intelligent Cyber Threat Operational Planner for Under Sea (iCTOPUS), which will be developed in this SBIR effort, will integrate simulated cyberspace attacks and defenses with an emulated network whose behavior varies with environmental conditions. iCTOPUS will provide a fully instrumented, synthetic cybersecurity assessment system for net-centric Theater Undersea Warfare (USW) mission planning, execution and post-mission analysis. Anticipated benefits of the iCTOPUS approach include: Safety: Attacks are launched against virtual nodes in the software model of the network, and not against live systems. By mapping live systems to these virtual nodes, the effects of the cyber operations are perceived, without compromising real systems. Realism: Accurate modeling provides responses to real attacks and defenses within a high-fidelity emulation environment Rich set of combat system threats: jamming, eavesdropping, denial of service, adaptive attacks, and host models with simulated vulnerabilities and exploitations that allow the incorporation of zero-day vulnerabilities in analysis By integrating real applications with the emulated cyber warfare communications effects model, it becomes possible to evaluate the side effects of cyber-attacks on operational systems Both friendly and adversary assets and networks can be modeled and attacked, combining kinetic and cyber warfare, with damage in one domain affecting performance in the other Reduced engineering efforts to provide Objective Quality Evidence (OQE) for the system cybersecurity resiliency in operational environments Embedded training capabilities for cyber defense We expect that iCTOPUS will have wide application in both military and civilian domains. This technology can be used to assess cyber resiliency of distributed systems, e.g., factory automation, power grid control, Internet of Things, and border surveillance. As control systems have been increasingly integrated into complex networks, including the Internet, cybersecurity assessment to aid protect networks is of huge importance to the Department of Homeland Security and private enterprises as well. iCTOPUS will be developed such that it is adaptable to distributed systems and will be used to investigate the corresponding cybersecurity issues.
Keywords: combat systems, combat systems, net, Theater Undersea Warfare (USW), Modeling of Environmental Factors, Cybersecurity Implications of Distributed and Unmanned Systems, Cybersecurity of Geographically Distributed Systems, Undersea Warfare Decision Support System (USW-DSS)