Army Tactical C2 Protect Program

CECOM Research Development and
Engineering Center (CERDEC)
Space & Terrestrial Communications Directorate
Tactical Command and Control Protect
Program Overview
Briefing for the DARPA OASIS
Principal Investigators Meeting
Presented by: Chris Pilla
13 March 2002
Special Projects Office
Comm: (732) 427-2185, DSN: 987-2185
christopher.pilla@mail1.monmouth.army.mil
CECOM Bottom Line: THE WARFIGHTER
c2p2502. Page 1
Tactical C2 Protect ATD
Technical Objective: Develop, Integrate, Validate, and Demonstrate hardware and software
that protect the systems and networks of the First Digitized Division (FDD) and Objective
Force/Future Combat Systems.
Attack
Network Intruder, Insider Threat, Overrun/Capture
• Information Gathering
• Data Insertion/Modification/Deletion
• Illegally Advance Privileges
• Denial of Service
• Malicious Software
Protect
• Infrastructure Hardening
• User Identification & Authentication
• Message Authentication
• Host S/W Protection
Detect/Predict
• Host & Network Intrusion Detection
• Malicious Code Detection
• Attack Forecasting
• Threat Analysis
Respond
• Eliminate Attack Process
• Tighten Access Control
• Damage Assessment/Recovery
• Malicious Code Eradication
Protect, Detect, and Respond components will be integrated and managed by a Security Management architecture
Commercial vs. Tactical Networks
COMMERCIAL
• High Bandwidth: Megabits per second
• Common Message Traffic: E-Mail, Web, File Transfer
• $ Lost Due to Hackers
• Robust Static Communications
• Highly Skilled Large Teams
TACTICAL
• Small Bandwidth: 490-2400 bits per second
• Unique Military Message Traffic: Battlefield SA, C2
• Lives at Stake
• Radio-Based Highly Mobile Communications
• MOS w/ Multi-duties
Need to Adopt, Adapt, and Develop to suit Tactical Environment
FY02 CECOM
C2 Protect Program Efforts
Near Term C2 Protect Tasks
• Applicable to any Army Tactical and Strategic networks
• Efforts focus on First Interim Brigade Combat Team (IBCT) requirements
• FY02 Tasks include:
– Tool Evaluations
– Functional Performance
– Modeling and Simulation
– Malicious Code Analysis
– Developmental Red Teaming
– Virtual Network Simulation
– Parsing and Searching Syslog Tool
– Battle Damage Assessment/Computer Forensics
– Wireless Developmental Red Teaming (WLAN, PDA)
– Laboratory and Field Testing
– IA Network Assessments
– Joint Test Involvement
– Vulnerability Assessments
Tactical C2 Protect Advanced Technology Demonstration (ATD)
• Applicable to Army Tactical networks
• Efforts focus on systems and networks beyond FDD
• ATD efforts and products can be leveraged for FCS and Objective Force
• Concluding 5th Year of ATD
• Follow On Science & Technology Objective (STO) Planned
• FY02 Tasks include:
– Attack Script Development and Developmental Red Teaming
– Security Management System
– Remotely Configure/Manage Deployed Protect Tools
– Remotely Modify FW and Router ACLs
– Event Correlation and Data Mining
– Access Control Technology Developments
– Tactical PKI Pilot
– Multicast Security for Army systems
– Intrusion Detection, Prediction, and Response Tech.
– Wireless Intrusion Protection and Detection
– Modeling and Simulation
– Internet Attack Simulator
– Laboratory, Field testing, and Exit Demo
– Intrusion Prediction/Attack Forecasting
– Deception, Detection, and Response
Tactical C2 Protect
Transitioned Products
[Diagram: Phase I tactical network at Battalion (Bn), Company (Co), and Platoon (Plt) echelons, showing the Bn Tactical Operations Center (MCS Maneuver Control, ASAS Intel., AFATDS Fire Support), FBCB2 hosts, EPLRS and SINCGARS nets, Situational Awareness (SA), Voice and Data, and Global Positioning Satellite (GPS). Transitioned products marked on the diagram: Security Mgmt, Msg Auth., Host SW Integrity, Access Control, Tailored Intrusion Detection.]
R - Router
INC - Internet Controller (Tactical Router)
Developmental Progression
[Diagram: maturity progression from Basic Research through Applied Research, Advanced Technology Development, Demo/Val Phase, EMD, and Production to Operational System. Labelled participants: DARPA, ARL, Navy/AF, CECOM RDEC, PEO/PM; Commercial Feeds. Field Proven Technology Transitions at TRL* 6.]
* Technology Readiness Level (TRL) 6 = System/subsystem or prototype demonstration in a relevant environment.
DARPA Leveraging
• CECOM would like to leverage the Information Assurance technologies developed by DARPA and further tailor these technologies to meet the requirements of the Army’s tactical environment
• CECOM is currently leveraging DARPA programs including:
– Antigone (University of Michigan) – Security Policy Framework
– Cliques (UC Irvine, et al.) – Distributed Group Rekey
– Dynamic Crypto Context Management (NAI Labs) – One-Way Function Trees
– Autonomic Distributed Firewall (Secure Computing / 3Com)
• Participating in beta test
• Additional leveraging from MIT/Lincoln Labs, JHU, CMU, etc.
FY03 Broad Agency Announcement
Information Assurance for Tactical Networks
• Areas of Investigation
– Advanced Access Control
– Next Generation Intrusion Prediction, Protection, and
Detection
– Fault/Intrusion Tolerance and Survivability
– Mobile Code Authentication
– Wireless Intrusion Protection and Detection
– Wireless Agent Based Vulnerability Detection
• Army Tactical Internet Environment
– Dynamic/Mobile
– Ad Hoc
– Bandwidth Constrained
– Established without a-priori knowledge
• BAA to be Released May 02
FY01/FY02 BROAD AGENCY ANNOUNCEMENT
“Information Assurance for Tactical Networks”
• BAA located at HTTP://abop.monmouth.army.mil
– Contact Chris Pilla (732-427-2185) for website navigation
instructions
• Areas of Investigation include:
– Network Access Control
– Intrusion Detection and Response
– Host Protection Devices
– Security Management
• Event Correlation
• Damage Assessment/Forensics
• Data Mining
– Intrusion Prediction/Attack Forecasting (BAA amendment 2)
– Intrusion Tolerance for Tactical Networks (BAA amendment 2)
– Other IA Efforts
• Wireless Intrusion Protection and Detection
• Recommend submitting white paper prior to formal proposal
FY01/FY02 BROAD AGENCY ANNOUNCEMENT
“Information Assurance for Tactical Networks”
Website Navigation Instructions:
1. go to http://abop.monmouth.army.mil
2. click on "IBOP Home"
3. click on "Extended Search"
4. enter "DAAB07-00-R-L575" in block 1 and click on search
5. click on first "CECOM Business Opportunities" choice
For the original announcement and instructions:
6. click on "Return to DAAB07-00-R-L575 Solicitation Folder"
7. click on DAAB07-00-R-L575
8. go to bottom of page and click on file "DAAB07-00-R-L575.doc"
For amendment 2:
6. go to bottom of page and click on file "AMENDBAA-S0101 AUG.DOC"
Tactical C2 Protect Program
Organization Chart
C2 Protect Management Team
Space & Terrestrial Communications Directorate Special Projects Office
FT. Hood Liaison
Technical Team
Software Engineering Center
• Malicious Code Analysis
• Tool Development/Modifications
Command and Control Directorate
• Modeling and Simulation
• Developing Internet Attack Simulator
• Developing Virtual Network Simulator
Intelligence and Information Warfare Directorate
• Red Teaming
• Vulnerability Assessments
• IA Network Assessments
Information Systems Engineering Command
Space and Terrestrial Communications Directorate
• COTS Tool Evaluations
• Security Management Sys.
• Tactical Tool Development
• Information Assurance Architecture
• IA Advanced Technology
• TI Laboratory/Test Facility
ARL Survivability and Lethality Analysis Directorate
• Vulnerability Analysis
• Vulnerability Database
• Information Flow Modeling