Cybersecurity defence is the foundation of cyberspace combat capability and an important guarantee for military operations. Guided by the idea of military and industry-led collaboration, the United States of America and the United Kingdom make full use of industry technologies and capabilities to strengthen research and development of cybersecurity technologies and equipment, as well as improve performance in its defence capabilities.

In August 2021 the US Defense Information Systems Agency (DISA) awarded to the cybersecurity firm Forescout-Active Defense for the Enterprise of Things a 115 million US dollar contract to promote a zero-trust security model. Also known as zero-trust architecture (ZTA), zero-trust network architecture (ZTNA) or perimeter-less security, it describes an approach to designing and deploying IT systems. The main concept behind the zero-trust security model is “never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to an authorized network such as a corporate LAN and even if they were checked and verified before.

DISA selected the Forescout platform as part of the Compliant Connectivity (C2C) project. The Department of Defense expects C2C to provide a suite of computing and IT capabilities to manage all resources in the Department’s network. One of the C2C-enabled capabilities of the Forescout platform is end-to-end visibility into the Department’s connected networks and will also enable DISA to upgrade security processes, including the automation of essential security functions and improved information sharing.

DISA also plans to develop a prototype of the Thunderdome zero-trust architecture, the production of which will begin in early 2023. The new architecture promises to improve security, reduce complexity and save costs, while replacing current defence-in-depth approaches to cybersecurity.

At the same time, the Defense Advanced Research Projects Agency (DARPA) developed a new drone cybersecurity software, namely the High Assurance Cyber Military System (HACMS), and invited hackers to attend the DEFense readiness CONdition (DEFCON) cybersecurity Conference in the United States of America in August. The results show that even professionals are not able to crack such software – although I believe that those who could do it would stay hidden, preferring to declare themselves “beaten” rather than exposing themselves in the open.

HACMS uses “formal method” techniques to mathematically ensure that there are no software flaws that would allow hackers to enter and take a computer system over. The software architecture strictly separates the various functions of the task-specific control system, and even if hackers were able to break into the drone’s camera software, they would not be able to hijack its command and control system. Furthermore, in September DARPA launched the Hardening Development Toolchain Defense Against Burst Execution Engine (HARDEN) project, which aims to help developers understand contingency and emergency behaviour in computers to prevent cyber attackers from using the built-in capabilities of critical systems to generate malicious and accidental computations.

In January 2022 the Defense Innovation Agency (DIU) announced it had awarded to the cybersecurity firm CounterCraft an additional settlement agreement for new technology to capture and block insider threats on compromised networks. The technique, known as a “cyber deception platform,” creates a trap for adversaries to leave behind the techniques, tools and command architecture they use after compromising a network. CounterCraft says the technology is essentially “honeypots” and “honeynets”, i.e. cybersecurity techniques that create tempting traps (honeypots) and link these traps together (honeynets). The attackers’ behaviour in a honeypot environment can be classified, thus enabling institutions to visualize their vulnerabilities in infiltration chains.

DIU addressed the industry in July 2021 for advanced endpoint detection and response capabilities (a communication endpoint is a type of node in the communication network; it is an interface that consists of a communicating part or communication channel).  

DIU has stated that the US Cyber Command and the service’s various cyber components want to be ever more the “crown jewel” on the defensive network and defensive weapon system to oppose malicious cyber activity around which DIU is deploying deceptive elements to essentially create pre-filtering sensors and capabilities, as well as pre-filtered data collection devices. This is essentially a method for deploying fake artifacts, decoys, erroneous algorithms and honeypots, and deploying highly customized and targeted recalls and endpoints in very specific traffic data and pre-filtering indicators in an environment that enables us to understand the details of threats by visualizing interactions with fake artifacts. If the methods and techniques described above are proven over time, these tools will change the rules of the game as to how the Department of Defense, and any Agency, protect their networks and data.

This means that cyberspace defenders can develop tailored protection plans and responses that are more specific to any part of the Department of Defense or any other Ministry, rather than trying to adopt a one-size-fits-all approach to cyber protection.

The US Army is leveraging new technologies to advance the development and deployment of cyber weapons, incorporating enhancements into existing systems to ensure the continued effectiveness of cyber defenses. Among them, the Network Analysis and Detection (CAD) project is based on the Army’s Big Data Platform – called Gabriel Nimbus – which can run on various classified networks, thus increasing storage space; adding new data sources; and integrating special applications and tools..

Moreover, the User Activity Monitoring (UAM) program enables analysts to identify high-risk user activity in the Army’s networks in near real-time to address insider threats. This helps leverage all the tools, applications, as well as data streams and flows in the Gabriel Nimbus. Threat emulation is the project that enables users to simulate hostile capabilities on their networks with the aim of finding vulnerabilities before actual attacks. This is expected to be implemented in the coming months.

The Deployable Defensive Cyberspace Operations. Systems-Modular (DDS-M) projects are configurable with the hardware kit for use by Cyber Protection Teams (CPTs). The Garrison Defensive Cyberspace Operations Platform (GDP) project is a system capable of high-speed data capture and is moving to the cloud as a software-based military weapon.

Three GDP versions are being developed, with the fourth and fifth ones expected to be launched in 2022 and 2023.

The US Army Cyber Command issued an announcement last August asking for information about the Endpoint Security Solutions as a Service resources: a potential resource for the Army to find endpoint security solutions and hosting services, with the aim of improving overall security and reducing risk. Cyber Command seeks to increase visibility on endpoint security across all Army’s operational domains and track compliance metrics that provide robust protection of assets and systems to detect and respond to cyber threats appropriately in all locations and environments.

Giacarlo Elia Valori