TechNet Augusta 2016: Defensive Cyber

September 15, 2016

This is the sixth in our series of posts on US Army systems and mission needs based on the AFCEA TechNet Augusta.

The US Army must ensure it has the ability to maneuver in cyberspace. There was considerable discussion of defensive and offensive cyber operations and how they will occur in a conflict. Defensive cyber includes passive and active cyberspace operations intended to preserve the ability to use friendly cyberspace capabilities and to protect data, networks, net-centric capabilities, and other designated systems. This covers actively hunting for threats as well as internal responses to threats, and it includes deliberate defensive measures to defend the network.

To maneuver in cyberspace, the Army needs to be agile and to engage the adversary decisively in a way that costs the opponent more. The Army is putting together tools to achieve this.

  • Tools are encapsulated into purpose-built VMs (platforms), comparable with both deployed and prepositioned capabilities.
  • Orchestrated VMs are configured and loaded with tools during provisioning and leverage multiple tool and software repositories.
  • Mission-related work should be performed at the platform layer where practical. Bastion hosts serve as the hypervisors for the platform-layer VMs.

Defensive cyber operation equipment is being rapidly delivered to the cyber protection teams and other Army cyber forces.  Capabilities include:

Specialized VMs – tools organized by function, work role, or effect

  • Sensor / Packet Inspection
  • Active Detection
  • Network Analysis
  • General Threat Emulation
  • General Forensics
  • Forensics Live Image

VMs tied to licenses

  • Licensed Forensics
  • Web Scan
  • Licensed Threat Emulation

Orchestrated VMs

  • Linux: RHEL 7 Family
  • Windows Server: Windows 2012
  • Windows Workstation: Windows 7