U.S. Navy Task Force Fights Back Against Cyber Intrusions
Fire-control systems that track targets and launch missiles, manned-unmanned teaming between fighter jets and drones, algorithms for F-35 “sensor fusion” and mini-swarms of integrated drones designed to overwhelm enemy air defenses are all examples of larger weapons systems and platforms increasingly reliant upon computer systems.
Rapidly evolving cyber technology continues to expand well beyond computer networks, data systems and other IT military tasks to further integrate with weapons, ships, submarines and aircraft, among other things. Furthermore, ISR networks and weapons are improving their “networked” connectivity with faster digital processors able to shorten sensor-shooter targeting loops and improve electromagnetic warfare signals.
“Everything we do tends to involve a computer in some way,” Navy Cyber Security Division Director Troy M. Johnson said in a special exclusive interview.
While these developments might, quite naturally, seem somewhat self-evident, increased cyber reliance and connectivity have presented the US military with both significant advantages and some added vulnerabilities.
As a result, the Navy is now aggressively working to implement or “bake-in” various advances and discoveries made by its Task Force Cyber Awakening – a special unit configured to address the massive extent to which networks and weapons systems are increasingly computer reliant, and therefore potentially more vulnerable.
Some of the Task Force’s key advances come in an area known as “cyber hygiene,” a process which includes strengthening passwords and other online measures to limit access to the right people.
Other key details of this process include establishing multiple factors of authentication such as key access codes and techniques referred to as “locking down systems.”
(This first appeared in Scout Warrior here.)
“Once you have locked your system down, you know what normal looks like so you have an increased ability to detect anything anomalous,” Johnson said.
Controlling the number of specific people who have “administrator” privileges can also increase security and sustain a larger number of “users” to a site with a much lower degree of access and control, he added.
Managing the number of functions needed to finish a particular task is an essential element of “cyber hygiene.” This technique is grounded in a need to restrict the number of processes or services designed to run on a given system or “box” as it is called.
The Task Force, called TFCA, finished its principal work in August of 2015. Since then, Navy engineers, software developers and computer experts have been collaborating on ways to best integrate a series of new cyber-hardening procedures.
“We’ve needed to build the right requirements and check to make sure those requirements were being followed. The idea is to design principles that make systems more secure,” Johnson explained.
Among other things, the task force is also working to both defend against and thwart malicious cyber attacks such as “denial of service” attacks.
“If you get 1,000 machines go request a site, it might overwhelm the site. It might knock down the site or disable the server, making it so people cannot have access,” Johnson explained.
One of the many cyber-defensive measures against these kinds of intended intrusions is the use of software designed to track where the disruptive requests come from, he added.
“If it sees too many requests from the same machine or same domain, it will shut those off so they won’t overwhelm the system,” Johnson said.
Firewalls designed to limit access to sites are another effective cyber-defense tactic; they are designed to control the parts of the network that can be accessed or seen from outside sources. For example, Johnson explained that a firewall might restrict the number of machines able to access a particular area of control, such as computers engineered to dial in remotely and control electrical power systems.
Combating computer viruses is an integral dimension to the overall approach, as well; viruses, in particular, often have an ability to spread themselves through multiple computer systems and often begin with a questionable attachment of some kind. This can infect data and then spread to other systems, Johnson explained.
While much progress is currently taking place, positioning requirements and the proper architecture for the future will likely be both necessary and challenging. TFCA works to address this by, among other things, engineering emerging systems with what’s called “open architecture.” This involves a strategy of building systems with standards, protocols and nuances such that both software and hardware platforms can rapidly adjust to new threats as they emerge. All of this falls within the broader strategic rubric of being more cyber resilient to better protect operational and developmental systems.
“We’ve transitioned to a resilience approach. That is the operational part,” Johnson said.