

If the recent barrage of government security events is any indication, civilian and military personnel are energized about hardening cyber security. The largest event in recent months was MILCOM 2009, where I had three days to talk cyber simulation and cyber warfare with some of the best and brightest. The experience was both educational and a bit surreal, as BreakingPoint showcased resiliency testing products on an exhibit floor where networking products were intermingled closely (almost perilously, in my case) with military hardware like satellite receivers and armored vehicles.
These products once formed a strange combination, but now their mingling illustrates how the lines are blurring between the physical battleground and cyber warfare. Experts from academia and government have warned for years that new battles will be fought online, where traditionally weaker parties have a level playing field with the militaries of larger nations. Just this month the United Nations Telecommunications Agency chief warned that “the next world war could take place in cyberspace.”
Each day, thousands of individuals attack networks around the world for reasons ranging from personal amusement to organized cyber crime. As this graph taken from Infonetics Research data shows, cyber intruders and enemies of the state are becoming more sophisticated and aggressive in network attacks.

While government-operated networks are the targets of more than a million attacks each week, privately owned infrastructures are also increasingly vulnerable to attack. And more than data and communications are at risk. Here in the U.S., much of our critical infrastructure, such as energy, transportation, and financial networks, is private. A single attack taking out one of these networks could threaten the U.S. market and personal safety.
Both the public and private sectors are investing heavily in experimental and proven techniques for hardening the networks and data centers that form our critical information infrastructure. They are also scrambling to recruit and train security researchers in an effort to launch a proactive defense. This is particularly difficult in the world of information or digital warfare, where the terrain is complex and virtually invisible, conditions are ever changing, and attackers are widely distributed. To fight on this virtual battlefield, the U.S. is gearing up to hire some 4,000 specialists, and they are going to need actual hands-on experience to identify and block attacks that are ever morphing.
For the U.S. military, training was—and still is—one of the greatest challenges facing leaders in achieving the goal of Information Superiority, defined as “the capability to collect, process, analyze and disseminate information while denying an adversary’s ability to do the same.” It strikes me that there are a few lessons from the physical battlefront we can apply to the virtual world of cyber warfare, such as the use of simulation to prepare soldiers for battle.
Unlike soldiers who train for the physical battlefield with war games and battle simulations, our cyber warriors will conduct their missions online, and they must have Internet-scale cyber simulation capabilities to replicate commercial, military, and government network conditions. When it comes to cyber war, network mayhem is the enemy. Cyber warriors must know how to navigate the mayhem and spot the most deadly attacks in some of the most complex and confusing terrain imaginable—an ever-morphing online world filled with invisible enemies.
With an increasingly sophisticated army of guerrilla hackers operating in a highly distributed cyber battlefront, the ability to detect an attack and respond instantly to prevent damage is paramount. The enemy who strikes first can take out an entire network through coordinated distributed denial of service (DDoS) attacks. Before most products or experts even know anything is happening, the attack is over and critical systems are compromised.
Intelligence and the ability to spot and block attacks instantly are paramount to protect against devastating DDoS assaults. However, network-traffic-generation products or emulators cannot generate the evolving application and attack traffic or simulate the user load necessary to replicate realistic attacks and prepare our defenses to block them. In fact, from the reactions we received at MILCOM, it is evident that cyber simulation of the scale and sophistication created by BreakingPoint products has never before been possible. While that is exciting to hear, it is also frightening.
The U.S. government’s answer is to invest billions in building the U.S. Defense Advanced Research Projects Agency’s (DARPA) National Cyber Range (NCR). It’s a great idea and an ambitious undertaking, but it will take years to fully realize. Meanwhile, our military and intelligence communities do not have the tools they need now to properly prepare for the dangers of cyber warfare, and that is simply not acceptable when the technology exists in such a small form factor.
It is encouraging to speak with so many in the military who “get it” and are actively looking for solutions to train cyber soldiers to defend the network. With any hope, we can take yet another lesson learned from the physical battlefront and arm our soldiers with the tools they need to keep our infrastructure safe from growing cyber threats.