The US Army Ground Vehicle Systems Center, in collaboration with Texas-based Southwest Research Institute (SwRI), has developed a new Intrusion Detection System (IDS) to protect military ground vehicles from cyberattacks for more connected and automated self-propelled vehicle networks so as to achieve cyber resilience. The new IDS technology uses algorithms and fingerprints to detect anomalies in the communication systems embedded in ground combat vehicles. System algorithms will transmit information via the Controller Area Network (CAN) protocol to identify unknown or invalid nodes connected to the vehicle’s network.

The US Air Force has developed the anti-malware scanner software known as Whiddler. It is a multi-threaded, multi-process, cluster-capable software scanning application tool that performs static analysis on files. Its being multi-threated means that a process is divided into two or more strands (instances) or subprocesses that are concurrently executed by a single-processor (monothreading) or by a multiprocessor (multithreading). After completing the file observations, the software calculates the probability that the file is malicious or not malicious. The threshold level can be adjusted by the user.

Whiddler transfers the software to the private sector through a patent license agreement. Its major advantages are the following: no risk of infection with static analysis; no reliance on signature updates to maintain accuracy; 95% malware detection rate. Its major features include flexible and scalable deployment; file analysis and scoring using proprietary patented algorithms; strict detection or training mode; remote network-based monitoring and reporting; easy incorporation of new file types.

In February 2022 the U.S. Marine Corps sought to support a pilot program through user monitoring and corporate network control capabilities aimed at increasing the understanding of unauthorized disclosures and breaches of sensitive data on DOD networks. According to the release, the Marine Corps needs large capabilities to find and assess anomalous activity on classified and unclassified networks. The document released states that at least five technical requirements must be met: 1. keystroke monitoring; 2. full application content (such as email and chat); 3. screen capture; 4. file tracking; and 5. user data tracking. The functionality must also focus on seven methods of intrusion: 1. connecting to the network; 2. privilege escalation; 3. connecting to the target system; 4. creating a file share; 5. accessing sensitive information; 6. copying to a file share; 7. copying to an external entity.

In August 2021 the U.K. Defence and Security Accelerator Agency (DASA) launched an Innovation Focus Area (IFA) project called Reducing the Cyber Attack Surface to develop technologies designed to prevent cyberattacks on military platforms, with the aim of helping to eliminate cyber vulnerabilities and reduce cyberattacks with the possibility of a devastating attack. DASA is also working on another cybersecurity IFA project called Autonomous Cyber Defence of Military Systems, which seeks to develop autonomous agents to protect military networks and systems.

Last October it also created a new IFA called Military Systems Information Assurance (MSIA) to focus on identifying, developing, and promoting information assurance technology solutions.

MSIA is an important part of measures taken to strengthen the UK’s cybersecurity capabilities and ensure the security of the country’s critical infrastructure and defence. It is part of the Lifetime Cyber Defence Enhancement Project and is funded as part of the UK government’s Comprehensive Review Document. This IFA will work on developing alternatives to encryption. Examples of the proposals it will consider include: new authentication methods; methods of protecting information in cloud environments; key management systems; providing reliable information under low bandwidth and intermittent communication conditions; flow methods, etc.

Creating a network environment on the battlefield lays the foundations for moving first to cyberwarfare and then to military operations.

The United States of America and European countries enhance research and improve the development of battlefield communication network technology and equipment by innovating infrastructure and improving application programs, as well as introducing emerging technologies and expanding network channels, with the aim of creating a seamless, secure, reliable and efficient system as a communication network that uses sound data integration to achieve advantages in situational awareness, command, control and decision making.

In May 2021 the Defense Advanced Research Projects Agency (DARPA) announced the launch of the Mission Integrated Network Control (MINC) program. The project is an essential part of mosaic warfare, which aims to ensure that critical data finds its way to the right user at the right time in a competitive environment, by safely and securely controlling any communication or network resources available. MINC will change the paradigm of static manual configuration of the closed rigid architecture, moving toward autonomous methods of adapting applications and networks to changing military conditions. The MINC project does not intend to develop any new communication hardware and network resources, but rather network and communication system algorithms and software to opportunistically configure and control the resources available. The project aims to develop network connectivity from sensor to “on-demand shooter” by focusing on three key functions: 1. developing an always-on network overlay (a technique that allows a large program to be divided into parts which are small enough to be fully contained in central storage) to access available network and communication resources, as well as control parameters; 2. using the cross-network method to manage network configuration; 3. creating methods to determine the optimal flow of information for kill-net services (i.e. a group of hackers interested in participating in unspecified counter-terrorism actions).

In April 2021 the US Cyber Command released a request for services to support Wolfdoor interdomain solutions. Wolfdoor is a perimeter solution created in 2018 to safely and securely move data from the US Cyber Command to the intelligence community, the Department of Defense (DOD), and commercial networks. The solutions solicited by the US Cyber Command will be used to expand the Wolfdoor infrastructure so as to meet growing mission and data flow requirements. According to the call for proposals, the contractor will help maintain, replicate and expand the data sharing infrastructure to support mission systems. The US Cyber Command wants the contractor to improve system security to eliminate redundancy of support staff at multiple sites, while providing scalability and advanced security support for individual sites.

The US Navy continues to advance the Overmatch Project, which is an attempt to build a maritime network of ships, sensors, weapons and platforms that will enable the Navy to connect its operations and provide commanders with broader real-time situational awareness. Key to the project is the development of the networks, infrastructure, data architecture, tools and analytics that support the operational and development environment to achieve a sustained and lasting maritime advantage by using manned and unmanned systems. The Strong Victory project will also leverage the latest digital technologies, such as artificial intelligence, machine learning, information and networking technologies, to improve the combat readiness of the global fleet. The US Navy also plans to award full implementation contracts for the Consolidated Afloat Networks and Enterprise Services (CANES). CANES is the backbone of the Navy’s modernization of C4I-Leonardo and cybersecurity systems on its ships and maritime network. It is integrated, consolidated, updated and upgraded, and will play a key role in the Navy’s efforts to define and implement its own vision for distributed maritime operations in global seas. According to the Navy’s 2022 fiscal budget, CANES will replace and modernize existing maritime networks with the enterprise-grade hardware, software and service infrastructure needed to enable cyberwarfare within and beyond the tactical domain. The underwater and maritime operations centres provide full infrastructure, including hardware, software, processing and storage equipment, as well as end users, for unclassified, coalition, confidential and sensitive information clusters (SCI).

Giancarlo Elia Valori