Cyber-space is emerging as the fifth domain of warfare and a crucial operational concern for commercial industry. As such, it requires a command and control system that enables defensive and operational capabilities within cyber-space. This chapter describes a research and development project aimed at discovering solutions for a Cyber Command and Control both for commercial and military environments. The chapter identifies challenges and provides solutions rooted in the body of knowledge composed of Command and Control and Situation Awareness Theory.
TopIntroduction
Cyberspace is officially the fifth domain of warfare. On June 23, 2009, US Secretary of Defense, Robert Gates, in a memorandum to the Joint Chiefs of Staff and Military Service leadership, established the US Cyber Command (USCYBERCOM) (Jackson, 2009). This came as no surprise to those in the US military industrial complex, because the Air Force and the other military services were all competing for leadership of this new mission area (Clarke & Knake, 2010). The Gates Memo, for the first time, positioned cyber as the fifth domain of warfare along side of Air, Land, Maritime, and Space; giving the US military the authority and the duty to conduct defensive and offensive missions in cyberspace (Fry, 2010; Jackson, 2009; Staff Writer, 2010). Like the other four domains, cyber requires a command and control system that is able to integrate with existing command and control systems in an operational environment, while providing supporting capability to those operating in cyber space.
Prior to the official announcement many firms in the military industrial complex actively conducted research in this emerging domain. BearingPoint Public Service (now Deloitte Federal Services), performed research and development in the information sharing domain dating back to mid-2007; applying their efforts to the maritime domain awareness (MDA) problem. In mid-2008, the research team decided that the solutions created for MDA could be applied to the Cyber Command and Control (Cyber C2) problem.
In the early stages of this research it was important to understand how security operation centers (SOC) were conducting business. Visits to several security operations centers revealed similar results to those articulated in Visualizing Cyber Security: Usable Workspaces (Fink, North, Endert, & Rose, 2009). Many of the cyber analysts working in the SOC were former systems administrators, network engineers, and hardware technicians. The analysts’ comfort with hands-on operations of the physical system coupled with their years of experience in dealing with systems at the system console level, created an environment where only a minimum set of automation and analytical tools existed. The sheer volume of information that the analysts were processing on any given day was of particular interest. It was on the order of three million alerts indicating possible threats every day.
This chapter articulates the outcomes associated with the Cyber C2 R&D effort and the lessons learned from that research endeavor. In order to provide the most complete analysis the chapter starts with the theoretical underpinning of command and control, as well as situation awareness. The chapter then progresses into a description of the technical solution and aligns that solution with its theoretical foundation.