Advancing Cyberspace Situational Understanding

To fight and win on today’s tech-driven battlefield, the Army must be able to contend and dominate in the cyberspace domain. An emergent capability known as Cyberspace Situational Understanding will allow commanders to see themselves in their cyberspace domain, see their battlespace and the threats impacting mission success, and leverage a common operational picture of collected and fused data to understand that battlespace and make informed decisions in multi-domain operations.

By Jerry Harper, Product Lead for Mission Command Cyber, PEO-C3T

From Armor & Mobility, March/April 2020

Emerging technologies are driving a fundamental change in the character of war. From a cyberspace operations perspective, new and emerging technologies such as artificial intelligence and high-speed data processing are enabling smart jammers, sophisticated cyber-tools, and improved speed and accuracy in human decision making. Warfighters must also contend with an electromagnetic spectrum (EMS) that is both highly contested and congested to ensure command and control and information sharing. These threats require new tools for Soldiers to control the cyberspace domain, the EMS and the information environment.

Greater Comprehension of Operability

Cyberspace Situational Understanding, or Cyberspace SU, will be an application or set of applications to manage, interact with and visualize Cyber and electromagnetic activities. Cyberspace SU provides three primary capabilities. First, it allows commanders and their staff to see how events in the information environment – cyberspace attack, jamming, social media campaigns, etc. – impact their overall mission and then choose an appropriate course of action during multi-domain operations. Second, Cyberspace SU helps warfighters to identify risks or possible impacts of the information environment. Finally, Cyberspace SU allows commanders and their staff to integrate cyber operations, electronic warfare operations, and other information warfare planning capabilities into their mission objectives and tasks, and track them through completion. These capabilities enable the commander to concurrently defend the network/information systems, identify and target cyberspace threats, manage risk, and aid in increasing operational success.

The capability will include backend analytics that leverage source and enriched data from specific tactical and strategic programs to provide analysis, forecasting, enable information prioritization and reduce the cognitive workload of warfighters.

With Cyberspace SU, tactical units are afforded the ability to view cyberspace events, associated impacts and related status quickly by correlating in time, physical and logical space; across likely threat vectors and actions; and phases of operation and mission types. Cyberspace SU tools will also ingest data and information from national, strategic and tactical sources. Analytic, visualization and correlation capabilities then transform data into useful information needed to achieve the commander’s situational understanding of cyberspace. This process ultimately provides the “so what” factor needed to drive decisions in Multi-Domain Operations (MDO).

More Ease in Enemy Assessment

Cyberspace SU maps mission systems and dependencies and assesses the impact of losing key systems on the overall mission success. It continually assesses vital military systems for vulnerabilities and indicators of compromise and alerts operators when a mission is affected. By expediting the warfighter’s ability to recognize and react to cyber-threats/attacks to key mission systems, Cyberspace SU allows commanders to quickly address system issues, mitigate risks and ensure successful operations. Cyberspace SU also seeks to incorporate emerging machine learning and artificial intelligence capabilities to further aid warfighters with predictive analytics to help warfighter’s disrupt adversary kill chains.

With adversaries developing capabilities like smart jamming and sophisticated offensive cyber tools, warfighters need a means to recognize when adversaries employ these tools and respond. To do so, sensor data must be rapidly ingested, correlated and understood to help warfighters recognize their adversary’s avenue of attack.

The Army must also look to fuse disparate information sources to gain better insights into the information environment. One example is correlating a cyber-persona, identified by a national or joint cyberspace asset with a real person (or organization) residing in a tactical unit’s AO derived from battlefield forensics performed on digital devices seized in a raid.

Multi-Domain Support and Network 2028

All of the disparate information concerning cyberspace must be brought together to inform the commander on the best way to operate in the cyberspace domain – including its capabilities and limitations – in multi-domain operations. Cyberspace SU analyzes data and information and then presents the results with intuitive visualizations that enable commanders and staffs to take action. Correlation of these disparate data sets will provide an intuitive logic to otherwise meaningless statistics, logs and status reports.

To further support multi-domain operations, Cyberspace SU will integrate with and converge onto the Army’s Command Post Computing Environment, also known as CPCE, as an application that brings situational understanding of the cyberspace domain, EMS and information environment to the commander’s common operational picture as overlays. These overlays are also customizable, allowing warfighters to depict the three-layers of cyberspace – physical, logical and cyber-persona – in conjunction with the other operational domains.

Development Looking Ahead

Current Cyberspace SU efforts include integrating vendor solutions into experimental exercises such as Cyber Quest and Cyber Blitz, both which represent annual opportunities for vendors to interact with tactical, networked systems for evaluation and risk mitigation purposes. These events allow vendors to showcase innovative technologies, including both hardware and software solutions, while warfighters sit alongside the vendors’ engineers to evaluate their systems and provide feedback for system improvement. This Developmental Operations, or DevOps, environment allows the program to adapt with speed and implement iterative capability enhancements through regular user engagement.

The many Cyberspace SU stakeholders are as varied as the systems and programs of record with which it will integrate. They include FORSCOM (user), Army Capability Managers (user representatives), the Army’s C5ISR Center (research and development) and other program managers for Cyberspace SU: EWPMT, DCGS-A, WIN-T and CPCE to name just a few.

The program office, Product Lead Mission Command Cyber, is currently working with the System of Systems Consortium on challenge-based acquisition to spur technology from the cyber exercises leading to a Cyberspace SU prototype award this spring. This approach allows the product office to deliver a demonstrated prototype to the warfighter while quickly increasing capability overtime.

A total of 40 whitepapers submissions from industry have been evaluated leading to several invitations to the final acquisition challenge to validate capability on the current Tactical Server Infrastructure, leading to a prototype contract award in late-March. The vision is to partner with a CPCE unit to incorporate feedback from the user as we build a capability we can field within 18 months.