White Papers

White Papers
Request Papers
To access the library, click on this   ACCESS LIBRARYbutton. After you fill in the form, you will receive a message back with a link to the download area.

Click on a title to read the abstract.

 

Cognitive Task Analysis Based Training for Cyber Situation Awareness
Doshi, Thomas, Duong(SCALABLE-Networks) & Huang, Shen (University of Delaware) {White-Paper-Cognitive-Task-Analaysis-Based-Training-2015.pdf}

Cyber attacks have been increasing significantly in both number and complexity, prompting the need for better training of cyber defense analysts. To conduct effective training for cyber situation awareness, it becomes essential to design realistic training scenarios. In this paper, we present a Cognitive Task Analysis based approach to address this training need. The technique of Cognitive Task Analysis is to capture and present knowledge used by experts to perform complex tasks. Accurate characterization of cyber security experts' cognitive processes can be incorporated into training materials to teach novice cyber analysts to think and act like experts.

Training for the Combined Cyber/Kinetic Battlefield
Wihl, Lloyd(SCALABLE-Networks) {MODSIM World 2015 Paper.pdf}

Training humans to recognize cyberspace operations and respond rapidy and effectively is imperative, because mistakes have immediate consequences. The ever-evolving complexity of the combined cyber/kinetic battlefield drives a need to simulate engagements in high fidelity where each domain affects the others. We present a new simulation approach that integrates real and simulated cyberspace operations, wired and wireless virtual networks, live and virtual equipment and applications, and traditional kinetic warfare training simulators into a full, instrumented, synthetic cyber warfare training environment. The system allows trainee performance centered on awareness, reaction time and correct action (at all levels), along with the ability to work through a degraded cyberspace environment and complete a mission, to be monitored and evaluated.

Developing a Complex Simulation Environment for Evaluating Cyber Attacks
Barreto/Hieb (GMU) & Yano (ITA) {White-Paper--Dev-Sim-Eval-Cyber-ITSEC-2012.pdf}

The management of oil exploration is among the most important strategic tasks that a nation has. In Brazil, the Campos Basin is a petroleum rich area compassing oceanic fields that accounts for 80% of Brazil's oil production. Because the Campos Basin is offshore, there is a high volume of helicopter traffic in the area. Currently, the Department of Airspace Control, that manages the Brazilian Air Traffic System, is developing a plan to improve Air Traffic Control Operations in this area using ADS-B technology (Automatic Dependent Surveillance-Broadcast). ADS-B will be used in a restricted oceanic airspace to supplement radar coverage to provide better service. As ADS-B technology is new and has vulnerabilities (unencrypted messages in a broadcast transmission mode), understanding the impact of a cyber-attack on the safety and security of Air Traffic Control Operations is a major challenge. This paper provides a case study in the evaluation and assessment of cyber-attacks to critical infrastructure using Simulation Tools. An analysis of the Simulation Environment used and its suitability for its purpose will be presented as a key finding. This environment consists of: 1) a cyber-attack generator; 2) an entity level simulation to provide the dynamic behaviors of entities (helicopters and ATS infrastructure); 3) a network simulation that will include modeling ADS-B; and 4) a 3D visualization tool. The HLA protocol will be used to integrate selected components of the testbed. To provide information about the impact to the Campos Basin Air Traffic System, an external tool will be used to export the information to a Log System, for analysis by a cyber assessment tool. This testbed will be used for developing an impact assessment framework that is applicable to a wide range of military and civilian missions.

A Virtual Cyber Range for Cyber Warfare Analysis and Training
Wihl/Varshney (SCALABLE) {White-Paper--Virtual-Cyber-Range-IITSEC-2012.pdf}

There is a need to accurately model the effects of cyber weapons for analysis, system testing and hardening, and training. Current simulations of the Net-Centric Battlespace do not adequately recreate the impact of cyber warfare due to a lack of realistic cyber threat and defense representations.

Hardware-based cyber ranges are limited in scale, costly, and time-consuming to configure. Moreover, they have no capability to simulate the inherent vulnerabilities endemic to wireless tactical networks. They also do not effectively model the overall effect of a cyber attack on a mission and are therefore unsuitable for mission analysis or training.

In this paper, we present a new approach, the Virtual Cyber Range, a portable modeling and simulation framework that provides a real-time, hardware-in-the-loop capability for simulation of cyber threats to the entire net-centric infrastructure. It also provides the ability to evaluate the effectiveness of the threats in disrupting communications via key performance indicators. The range provides models for accurate cyber threat simulation at all layers of the networking stack to include passive, active, coordinated and adaptive attacks on networks with hundreds to thousands of wired and wireless components. The range enables interoperability with Live-Virtual- Constructive (LVC) simulations providing an assessment of human-in-the-loop performance, and can stimulate physical networked systems with simulated cyber threats for real-time testing.

Utilizing this framework, the authors present findings for a targeting mission regarding the adequacy of defenses against cyber attacks that attempt data exfiltration and disruption of situational awareness.

Software Virtual Networks (SVN) for Network Test, Training and Operations Lifecycle
BG Michael Williamson, CAPT Jeffery Hoyle & Bagrodia (SCALABLE) {White-Paper--Software-Virtual-Networks-120822.pdf}

As US military operations become increasingly more network-dependent, the ability to test, train, and plan network operations in an environment that mimics the anticipated operational mission context is critical. This paper describes the use of advanced modeling and simulation capabilities to accurately model network operations of battlefield networks composed of thousands of heterogeneous devices and links in an operationally realistic manner. In particular, the following attributes of network-dependent operations must be represented:

Scale: The framework must be representative of operations at the anticipated scale, be it a company, division, or larger deployment.

Operational Context: Incorporate realistic operational maneuvers that (1) accurately represent the impact of operational tempo including mobility, terrain, and traffic burstiness; (2) accurately represent the impact of network dynamics & netops tools on the C2, SA and related warfighter applications supporting the mission.

Interoperability: Include the impact of interoperability issues among the heterogeneous set of networking equipment used by US Army units at various echelons and potentially by Allies and Coalition partners.

Cyber effects: Represent the resilience or vulnerabilities to cyber attacks, perhaps launched in conjunction with, or prior to kinetic attacks.

This paper proposes the use of software virtual networks (SVN) to develop such a framework. An SVN uses scalable, real-time network simulations to create a digital replica of Army communication networks and offers the potential to dramatically improve the efficiency, cost-savings, and effectiveness of net-centric system planning, test, and training. We have used SVNs to create the JTRS Network Emulator (JNE). The paper describes the merit and immediate applicability of JNE by applying it for the test, training, planning, and analysis of specific mission threads that have been used at recent Network Integration Evaluation (NIE) events. In these use cases, we also outline how JNE can be extended to include the backbone networks in the Upper Tactical Network Environment, and hence support test, training, planning, and analysis of the end-end Tactical Network.

StealthNet: A Live-Virtual-Constructive (LVC) Framework for Cyber Operations Test, Evaluation and Training
Pickett (MITRE) & Varshney/Bagrodia (SCALABLE) {White-Paper--StealthNet-MILCOM-2011.pdf}

Current simulations supporting the Net-Centric Test battlespace do not accurately represent the impact of cyber threats and information operations. When cyber threats are considered, they are typically limited to a small number of isolated physical devices. To further limit consideration, insufficient attention is paid to cyber attacks launched on the basis of passive threats like the eavesdroppers or the coordinated threats. Further, the test technologies are typically limited to incorporation of threats that can be realized physically, which limits both the scale and sophistication of representing such attacks; a Live-Virtual-Constructive (LVC) paradigm for modeling of threats is missing. Lastly, for threats such as jamming, wormhole attacks, large-scale Denial of Service attacks, use of physical threats is expensive, since specialized equipment and manpower is required to realize these threats. The net consequence of these deficiencies is to leave a major gap in the DoD test infrastructure with respect to our ability to realistically test the vulnerabilities and resiliency of Blue Force communication architectures to sophisticated cyber attacks, particularly in networks that include both current force & Future Force communication infrastructure. In this paper, we present StealthNet, a Live-Virtual-Constructive (LVC) framework that provides a real-time, hardware-in-the-loop capability for simulation of cyber threats to the entire net-centric infrastructure. It also provides the ability to evaluate the effectiveness of the threats in disrupting Blue Force communications via key performance indicators, i.e. bandwidth, reliability, delay and quality of service metrics. The StealthNet framework provides models for accurate cyber threat simulation at all layers of the networking stack to include passive, active, coordinated and adaptive attacks on networks with hundreds to thousands of wired and wireless components. The LVC technology can stimulate physical Networked-System Under Test (NSUT) with simulated cyber threats that span all the protocol stack layers for real-time testing. Additionally, the framework enables composability with existing Test and Evaluation (T&E) architecture and tools (TENA, SBE environments, etc) to facilitate a transition to other T&E programs.

Introducing a Cyber Warfare Communications Effect Model to Synthetic Environments
Wihl/Varshney/Kong {White-Paper--Introducing-a-Cyber-Warfare-Communications-Effect-Model-IITSEC2010.pdf}

Network-Centric Warfare (NCW) is characterized by geographically dispersed forces maintaining a high level of situational awareness, allowing increased combat effectiveness. Computer network operations (CNO) are becoming an effective weapon to undermine the capability of net-centric systems. Hence, there exists an urgent need to evaluate and train for vulnerabilities and resilience of net-centric military systems to computer network attacks from multiple, diverse, and (possibly) coordinated threats on communication networks. Published research and initial investigations have demonstrated efficacy of countermeasures to security threats. However, such countermeasures to security threats are evaluated in isolation, that is, their side-effect on other operational systems have not been considered nor has their impact on other metrics such as force effectiveness been analyzed. In a synthetic environment, the communication capability is often simulated at a very low fidelity, rarely accurately modeling network constraints. As a result, communications effects are not well considered, often causing actions resulting from near perfect communications to be unrepresentative of reality, contributing to negative analysis and training. This paper examines and analyzes the impact of using a cyber warfare communication model versus the limitations of simplified communication models in existing synthetic environments. The authors have created a test bed for the attack/defense of networks that allows integration into a live, virtual and constructive (LVC) environment. Utilizing this framework with commercially available communications and entity simulation software, the authors examine the impact of cyber threat communication modeling on successful analysis and training results.

Use of Live Virtual & Constructive (LVC) Technology for Large Scale Operational Tests of Net-Centric Systems
DiGennaro (Army OTC), Walker (PEO-I) & Doshi/Bressler/Bagrodia (SCALABLE) {White-Paper--BCNIS-2010.pdf}

The Operational Test Command’s BCNIS program will provide realistic situational awareness (SA) and command and control (C2) tactical environment to support operational testing, without the costs and constraints of deploying a large number of physical units in the field. In order to fulfill the requirements for large scale testing of emerging communication technology with the constraint of limited availability of physical radio units, BCNIS is looking to leverage the concept of Live, Virtual and Constructive (LVC) test environments. This central idea of LVC involves connecting units that exist in a constructive simulation model with live and virtual lab based units to form a “hybrid” large scale network, which now can be employed for the large scale operational tests of the communication technology. Along with ‘at operational scale’ testing, LVC also allows configuration of ‘hard to set up and test’ scenarios such as urban combat scenarios: the constructive domain can be employed to simulate the urban areas and complex network layout in which the constructive units operate, while the live domain setup can be compatible with the constraints of the physical environment of the test range. This paper describes the use hardware-in-the-loop (HWIL) capability to support the use of emulated JTRS radio models in a larger scale Operational Test of GMR radios. In addition to representing some portions of the Network Under Test (NUT), the LVC representations will also be used to represent a variety of battle command system simulations and network loading tools to create the appropriate voice, video (or imagery), and tactical message loads on networks.

Interfacing a Communications Effect Model to Provide Accurate Modeling of Communications in Computer Generated Forces
Dickens/Holcomb (MAK), Aplin (Boeing), Wihl (SCALABLE) {White-Paper--Comm-Effects-in-CGF-IITSEC-2009.pdf}

Network-Centric Warfare (NCW) is characterized by geographically dispersed forces maintaining a high level of situational awareness, thus allowing increasing tempo of operations, increased responsiveness, lower risk, and increased combat effectiveness. One of the most important aspects of situational awareness is the ability to effectively communicate between entities and military organizations on the battlefield - real or simulated. In a synthetic environment this communication capability is often simulated at a very low fidelity - if at all. Communications are often modeled as always being perfect, and even those simulations that do introduce imperfections rarely model factors such as time delays or network constraints. As a result, communications effects are not well considered, often causing the timing of actions resulting from near perfect communications to be unrepresentative of reality, contributing to negative analysis and training. This paper examines and analyzes the impact of using a high fidelity communication model versus the limitations of simplified communication models in existing synthetic environments. The authors have created an interface control document (ICD) to allow integration of commercial communications effects servers into an HLA / DIS virtual environment. Utilizing this framework with commercially available communications and entity simulation software, the authors examine the impact of improved communications modeling fidelity on successful analysis and training results.

Network Centric Warfare
{White-Paper--Network-Centric-Warfare-2009.pdf}

War games are computer-based simulations that are widely used by the military to train troops and develop new ways of warfi ghting. Simulation has long been used as a military training tool for the land, sea and air domains. For instance, the U.S. Army has used the Semi-Automated Forces (SAF) family of constructive simulation tools for training, analysis and research since the mid-1980s. SAF realistically represent combat, from the physical behavior of weapons systems to the tactical behavior of individual entities and military units. They also incorporate detailed models of the natural environment (e.g., terrain and atmosphere) and the effect of these environmental factors on simulated activities and behaviors. Historically, Computer Generated Forces(CGF) modeled many factors at play in combat, such as entity movement, effectiveness of weapons systems, terrain, and overarching combat strategy. These simulations assumed that communication was perfect— networks had infinite bandwidth and no latency. In reality, perfect communication is rarely achieved in battle, especially in mountainous or urban terrain. A simulation is much more realistic when it is linked to a communication simulator like QualNet, which can quickly and accurately determine whether each message is delivered. Through a discrete event simulation engine, QualNet provides detailed communication results to CGF applications, adding greater realism to the exercise.

Wireless Cyberwarfare
{White-Paper--Wireless-Cyberwarfare-2009.pdf}

Cyberwarfare is on the rise. Combatants are waging war with solo cyber attacks and cyber plus ballistic attacks. Cyberspace as a warfare domain is rapidly being viewed as equal to land, sea, air, and space. While all networks are vulnerable to attack, mobile wireless networks are the most unprotected because their strengths and benefits—agility, adaptability, node autonomy, and self organization—also render them practically defenseless against RF distortion and malicious packet-level disruption and intrusion. The US government launched the Comprehensive National Cyber Initiative in 2008 to create a simulation zone that will allow researchers to test security applications, evaluate network architectures, and simulate various user and network behaviors. These requirements led to the creation of the National Cyber Range (NCR), which is charged with testing wireless technologies, evaluating behavior of mobile workers, and specific devices. Simulating large computer networks teeming with nodes and participants (users and operators) is an essential part of the range concept. The good news: new technology and tools are available that will directly support developing comprehensive defensive and offensive mobile wireless cyberwarfare strategies in programs like NCR. Software Virtual Networks, or “networks in a box,” provide a cost-effective way to design and test cyberwarfare strategies and tactics and train people to implement them effectively.

Information Warfare
{White-Paper--Information-Warfare-2008.pdf}

U.S. forces in Afghanistan and Iraq are working daily to defeat radio-controlled improvised explosive devices (IEDs). IEDs have caused more casualties in Iraq than any other weapon. The Defense Department has been battling them for years with a variety of jammers, or counter- IED systems. Electronic jamming is a form of electronic attack where jammers radiate interfering signals toward an enemy’s radio, blocking the receiver with highly concentrated energy signals. Jammers have been successfully deployed to prevent the IEDs from detonating, but often with the unexpected side effect of the loss of all communications from collocated or nearby tactical radio systems. Like all warfare, Information Warfare (IW) has both offensive and defensive aspects. Information warfare is defined as the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversity’s information, information based processes, systems and computer based networks. The US military has invested heavily in developing offensive IW systems like jammers, as well as defensive IW technologies that protect against attacks on government and military computer networks.

It is clear from the IED jammer story that there is a need for next-generation network technologies to be thoroughly tested and evaluated before being deployed. Military and civilian networks need to be deployed with confidence that they will perform as envisioned in the lab. With this goal in mind, wireless network technologies must be developed and tested in as realistic an environment as possible, one that factors in all the wireless networks that will be in operation.

This white paper will discuss ways in which wireless networks are vulnerable to attack, as well as ways that they can be protected. Next, we will introduce the concept of network simulation and emulation software for test and evaluation of information warfare technologies. Finally, we’ll provide data from network simulations that demonstrate the value of detailed modeling of cyberwarfare for thorough testing and validation.

Develop On-the-Move Communications
{White-Paper--On-the-Move-Communications-Emulation-2008.pdf}

Network-centric systems are widely believed to be the platform from which the U.S.& and other Western nations will conduct their military operations in the future. The U.S. General Accounting Office reported in April 2008 that the Army’s Future Combat System (FCS), the centerpiece program comprising fourteen integrated weapon systems and an advanced information network, is about halfway through its development phase 1. By definition, network-centric systems must rely heavily on a communications infrastructure that delivers on the move communication of voice, video, and data messages. Communication networks are also a critical force multiplier, supporting a broad range of situations and decisions such as logistics, battlefield awareness, and time-critical call-for-fire commands.

Each situation and message type carries different quality of service requirements, yet all must be carried over a common infrastructure capable of connecting thousands to tens of thousands of users––a very difficult challenge. Indeed, the GAO report states that “It is not yet clear if or when the information network that is at the heart of the FCS concept can be developed, built, and demonstrated.” On-the-move network performance is affected by several critical factors including traffic load, degree of mobility, terrain, and environment. Each of these factors can cause dramatic changes in link capacities, end-to-end latency, and message completion rates. Even as the technology for building scalable on-the-move networks matures, we still must accumulate the experiential base that will govern how to design and build these systems, how people are likely to use them, and why forces should be able to depend on them in mission- and life-critical situations. The approach to date has been to build and deploy prototype systems and then gain the experience of overcoming performance barriers through in-the-field testing. New technology is now available that brings the same kind of virtual design and engineering power that developers of other complex systems such as aircraft, automobiles, and buildings already enjoy, to net-centric communications development, training, and operations.

This white paper outlines the key challenges to developing predictable on-the-move communications, reviews historical approaches to on-the-move network design, and presents a new approach––real-time wireless network emulation––as the solution to gaining the experience of meeting service requirements and overcoming technical obstacles faster and at much lower cost than designing in a trial-and-error vacuum.

Technical Brief: EXata: An Exact Digital Network Replica for Testing, Training, and Operations of Network-centric Systems
{White-Paper--EXata-Technical-Brief-2008.pdf}

New wireless networks are being designed with a wide variety of goals in mind, such as improving worker productivity, delivering mission-critical information to troops in combat, or just enhancing mobile lifestyles. Wireless networks require different capabilities than their wired counterparts, such as specialized middleware, service-oriented architectures, net-centric services, and mobile on-the-go applications. Unfortunately, these technologies haven’t yet reached the level of maturity needed to support the demands of the wireless users of tomorrow. To ready network infrastructure for next generation wireless, new technologies must go through extensive and costly design, testing, analysis, and evaluation. This process is prohibitively expensive both in terms of equipment and personnel resources, as well as time investment.

Test & Eval of Network-Centric Systems
{White-Paper--Test-Eval-Network-Centric-Systems-2007.pdf}

Developers of wireless network-centric communication systems face a huge challenge in developing new technologies that raise the bar in terms of performance while supporting legacy systems. Validating designs from the component level to the system-of-systems level is necessary at numerous stages in the design process. Test and evaluation of these systems mitigates a variety of risks, including:

  • program failure,
  • technological obsolescence, and
  • life and limb of the soldiers communicating through the system.

Comprehensive testing of actual network prototypes is a costly but necessary practice prior to deployment. Not just the hardware, but also the software and systems must be tested, validated and verified. The problem with testing has been that the two methods commonly employed – simulation and physical testbeds – are only of value or viable at the very beginning or very end stages of development. Early stage simulations are not always accurate, whereas late-stage testbeds are very expensive. There is a real need for better, cheaper testing in the middle and later stages of product development. Real-time network emulation bridges the gap between early stage, highly abstracted simulations and late stage highly detailed physical tests on prototypes.

In this paper, we will define emulation, describe how it is achieved, and discuss benefits by citing real-life uses of the technology.

Spectrum and Network Management Convergence for Wireless Communications
Doshi/Duong/Bagrodia/Thai (SCALABLE) {White-Paper--Convergence-for-Wireless-MILCOM-2006.pdf}

The main objective of this work is to study the spectrum-network management convergence that enables spectrum efficiency while providing adequate Quality of Service (QoS) required for mission critical applications running on a wireless communication network. We combine well known QoS frameworks with the different dynamic frequency (channel) allocation approaches for spectrum management to devise mechanisms that can enable efficient spectrum-network management in wireless networks with Joint Tactical Radio System (JTRS)-like nodes. Specifically, we present two schemes: the first is ‘Greedy-DiffServ’ scheme which is based on DiffServ and the opportunistic (greedy) approach for dynamic frequency allocation. The second scheme is ‘Shared Information-IntServ’ which is based on IntServ and the shared information approach for dynamic frequency allocation. These two mechanisms are implemented in the QualNet network simulator on a hierarchical wireless mobile ad hoc network using ‘JTRS-like’ devices and are evaluated against an extensive set of notional scenarios. We present simulation results that highlight the advantages of deploying a spectrum-network management scheme in a wireless network and compare the performance of the two mechanisms.

An Accurate, Scalable, Communication Effects Servers for the FCS System of Sytems Simulation Environment
Goldman/Kumar (Boeing), Bagrodia/Tang (SCALABLE) {White-Paper--CES for FCS of Systems Simulation Environment.pdf}

This paper provides an overview of the Communications Effects Server (CES) that has been developed using the QualNet network simulator. It presents results on the performance of the CES for the simulation of large on-the-move communication networks in real time.

Speed & Scalability
{White-Paper--Speed-Scalability-2002.pdf}

Modelers use network simulation to assess the performance of networking technologies in experimental scenarios. A lot of number crunching is required to answer questions such as “How will the latency of my video conferencing application be affected if I add 50 new users to the network?” or “How will the response time of my web server be impacted if my traffic mix changes dramatically?” The process of running simulations is often prohibitively long. Historically, it would take days to execute a one-minute simulation of a high-fidelity model of a large wired network with heavy traffic and 1000 nodes. The same applies to a wireless network with complex propagation models and thousands of nodes and multiple types of traffic. In addition, the random nature of network traffic requires multiple trials for a single reliable data set. To ensure confidence in simulation results, 10, 20 or more trials may be performed. In the past, a single reliable data set could take weeks or even months to produce.

Parallel Execution
{White-Paper--Parallel-Execution-2002.pdf}

Network simulation is used to assess the performance of network technologies in experimental scenarios. A lot of number crunching is required to answer questions such as “What if I added another peering point to the Internet onto my existing network?” or “How does this routing protocol compare to another for my wireless ad hoc network?” Tools for network simulation come in hardware and software form, but the most widely used tools take the form of Discrete Event Simulation (DES) software. DES is a computer model of some physical system, where the state of the system is assumed to change only at discrete points in simulated time. The main activity in discrete event simulation is the processing of a global event list, where events are kept in chronological order. An example of an event is a packet arriving at a node. With 7 layers in the network stack, each performing complex processes on arriving packets, the processing load for DES is heavy.

Before parallel execution, simulation time for models of network traffic was prohibitively long. Especially in wireless networks, where complex propagation models are employed, a simulation of one minute of network traffic could take hours of execution time for 1000 nodes. A 10,000-node network could take over a week of simulation time to produce data.