DYNAMICALLY-ADAPTIVE-RESILIENT MEASURED CYBER PERFORMANCE AND EFFECTS THROUGH COMMAND AND CONTROL INTEGRATION OF FULL SPECTRUM CAPABILITIES
System-of-systems architectures and methods for dynamically and adaptively managing and executing a command and control system across a global cyber enterprise are provided. The system-of-systems architecture integrates, synchronizes and executes with kinetic operations employing an adaptive and dynamic mixing and matching of capabilities for optimal effects in near real time so as to measure and maximize effects across the global cyber enterprise. The methods incorporate execution of a Cyber Operations “CyberOps” Chain of interlocking management cycles for the integration with a kinetic “Kill Chain” to optimize cyber/kinetic integration and mission outcomes. An analytical and software framework enables the on-demand formation of mission-specific dynamic cell groups from various cells stretching across the global cyber enterprise in response to ever-changing faces of cyber threats.
1. Statement of the Technical Field
The technology arrangement relates to cyber operations and cyber security integration, and more particularly to the integration, dynamic control, “on demand” adaptability and optimization of cyber effects of all integrated cyber capabilities and their measured outcomes across a global enterprise or cyber operations domain.
2. Description of the Related Art
The current weakness of cyber security and cyber operations lies in the lack of a system and/or SoSs implementation architectural strategy; the implementation of point-solution cyber security controls that lack federation or dynamic adaptability; the lack of integration of all cyber capabilities (i.e., defensive cyber operations, offensive cyber operations, network operations, cyber security controls); and, most importantly, the lack of a dynamic, adaptable Cyber C2 system/SoSs that can manage all cyber capabilities, dynamically adapt in near real-time (NRT) to an emerging threat, and rapidly integrate (i.e., mix, match and synchronize) cyber capabilities to optimize and measure performance and effects against that threat.
Any system or SoSs whose elements and capabilities share a common objective (i.e., cyber security and operations) to defend a computing network must have C2 to synchronize and optimize the effects of those elements and/or capabilities. Consider an offensive football squad without command and control (i.e., its coach and quarterback). Plays are called with each player acting in a federated manner, executing his role or assignment on the play. Consider the case where each player simply acted against the defense as he chose, without regard for an orchestrated play to optimize the effects against the defense. Further, when a quarterback changes a play at the line of scrimmage, he is dynamically adapting in NRT to the defensive formation with the intent of maximizing the offensive capabilities against the defense he currently sees. In a similar manner, systems and SoSs must have command and control to maximize their opportunities for effectiveness. Command and control exists in business, the military, society and sports; it must also exist in cyber if necessary and desired effects are to be achieved. Further, because of the inherent behaviors, dynamics and speeds of cyberspace, its architecture must be highly congruent with, and adaptable to, the behaviors and properties of cyberspace itself.
The present invention extends the architecture to include cyber offensive operations and the definition of the C2 model of dynamically tuning architecture (i.e., creating high congruence between the operational and system/SoSs C2 architecture) by NRT configurations (i.e., instantiating multiple C2 forms with mixed and matched capabilities to optimize effects) and a new utility: performance-based effects, which measure the performance of the dynamics by contrasting measures of performance (MOPs) and measures of effects (MOEs). A “CyberOps Chain” (a special case of the information value chain) was defined as the analytical framework to conduct and assess MOPs to MOEs analysis. Also included is a new model to assess operators' knowledge, skills and abilities (KSAs) as an input to the performance-based effects analysis. A rating metric of tools and capabilities is also a new input variable to the MOPs and MOEs performance-based effects analysis. Further, formal definitions of cyber and kinetic operations C2 integration structures are defined to support cyber and kinetic warfare C2 integration M&S and emulation scenarios.
SUMMARY OF THE INVENTION
Embodiments of the invention concern systems and SoSs methods and architectures (operational and system/SoSs) that conduct full spectrum C2/BM cyber operations; the essence of this invention is the integration of new and old methods and architecture to create integrated methods and architectures for conducting C2/BM. The integration of, and the dynamic ability to mix and match, offensive cyberspace operations capabilities, defensive cyberspace operations capabilities, network operations tools and capabilities, computer network exploitation capabilities and cyber security controls (e.g., reference NIST 800-53) to optimize effects against existing and emerging threats is central to the invention; this is referred to as tuning the architecture herein. Further, the methods and architecture can integrate kinetic operations (e.g., Naval Operations, Army Operations), lethal or non-lethal, to span C2/BM over the full spectrum of military capabilities. The methods and architecture dynamically “tune” in NRT based on the mission or threat at any moment to mix and match the systems' or SoSs capabilities to a high level of congruence with the mission or threat (i.e., tailoring the architecture to optimize mission outcomes).
An analytical framework (AF) is defined (i.e., the Cyber Operation Chain, CyberOps Chain) to provide structure and guide the C2/BM processes enabled by the operational and system/SoSs architecture. The CyberOps Chain is characterized by two interlocking process cycles that intersect at an operations transition state and information feedback loops, which reinitiate the cycles when desired effects are not met. The operational phases of the analytical framework include situational awareness (SA) at any moment in time and space, mission planning, course of action (COA) and COA selection, a transition to mission execution, battle damage assessment (BDA) and feedback loops to update SA. The analytical framework provides the basis for developing measures of performance (MOPs) and measures of effectiveness (MOEs) for missions. Further, each phase of the AF can have its own associated MOPs and MOEs, subsets of phases may have associated MOPs and MOEs, or MOPs and MOEs can be defined for the entire CyberOps Chain. MOPs to MOEs analysis can then be conducted to determine the thresholds of performance necessary to achieve intended effects (e.g., how much more performance, i.e., more tuning of the architecture, is necessary to achieve the desired effects).
In one aspect of the present invention, a cyber command and control system for a global computing environment includes: a plurality of global shared data spaces configured for selectively storing and retrieving cyber data according to a plurality of topics; a plurality of virtual cells and at least one commander cell, each cell having a set of capabilities and at least one computing device electronically connected to at least one local shared data space, a suite of applications and a message platform, wherein each computing device is configured to selectively collect and message cyber data according to at least one mission-specific topic of the plurality of topics; the messaging platform configured to transmit messaged cyber data according to a predetermined message configuration; a system-of-systems architecture configured to (a) implement a peer-processing configuration across each shared data space, each computing device, and each suite of applications; and (b) implement a global sharing configuration of each local shared data space with the plurality of global shared data spaces; and a user interface integrating with each cell for the at least one commander cell to selectively establish (a) a predetermined mission that defines the at least one mission-specific topic; and (b) the predetermined message configuration.
In another aspect of the present invention, the cyber command and control system for a global computing environment further includes: wherein the plurality of global data spaces further includes a central data store across which the system-of-systems architecture is configured to implement the peer-processing configuration and the global sharing configuration, wherein the plurality of global shared data spaces is virtual, wherein the plurality of virtual global shared data spaces is cloud based, wherein the predetermined message configuration is at least one of a publish-subscribe and a request-reply message configuration, wherein the predetermined message configuration is a publish-subscribe message configuration, wherein the predetermined message configuration is only a publish-subscribe message configuration, wherein the predetermined message configuration is a request-reply message configuration, wherein the system-of-systems architecture is configured to implement only the peer-processing configuration, wherein the system-of-systems architecture is configured to implement only the global sharing configuration, wherein the system-of-systems architecture is configured to implement only the peer-processing configuration, and only the global sharing configuration, further including at least one dynamic cell formed from a portion of the plurality of virtual cells by comparing each respective set of capabilities to the predetermined mission, wherein the at least one dynamic cell is reformed when the predetermined mission is re-established through the user interface, wherein the user interface is configured to measure a performance output of the at least one dynamic cell, further including an analytic database connected to the user interface, wherein the analytic database is configured to dynamically adapt the predetermined mission based in part on the performance and effects output.
In yet another embodiment of the present invention, a cyber-physical command and control system or systems of systems for a global computing environment includes: a plurality of global shared data spaces configured for selectively storing, retrieving, publishing and subscribing to cyber-physical data according to a plurality of topic-based, content-based and request-reply criteria; at least one centralized data store; a plurality of operational virtual or physical cells and at least one commander cell, each cell having a set of missions and mission capabilities and at least one computing device electronically connected to at least one local shared data space, a suite of applications and a message platform, wherein each computing device is configured to selectively publish, subscribe, or retrieve cyber-physical message data according to at least one mission-specific topic-based, content-based or retrieve criteria of the plurality of topics and criteria; the messaging platform configured to transmit messaged cyber-physical data according to a predetermined message configuration; a system-of-systems architecture configured to (a) implement a peer-processing configuration across each shared data space, each computing device, and each suite of applications; and (b) implement a global sharing configuration of each local shared data space and centralized data store with the plurality of global shared data spaces and the at least one centralized data store; an operational architecture comprised of a virtual, physical, or combination of virtual and physical operational architecture; a user interface integrating with each cell for at least one commander cell to selectively establish (a) a dynamic mission that defines at least one mission-specific topic-based, content-based or request-reply criteria, and (b) the dynamic message configuration; and an analytical framework that enables the definition of, development of, and measurement of system architecture, operational architecture and, more typically, integrated operational and system architectural performance and effects measurements; measure of static and/or dynamic system or system of systems configuration, wherein the present invention forms and reforms command and control structure across disparate organizational and network boundaries with at least one commander cell and at least one mission cell, wherein the present invention dynamically subscribes, publishes or retrieves cyber-physical data, establishes at least one commander cell, at least one, or a plurality of, mission cells, and capabilities based on predetermined mission requirements or emerging requirements to optimize and measure performance and effects, wherein the present invention statically or dynamically establishes any and all integrated or non-integrated combinations of cyber-physical data, cell organization and relationships, C2 forms and structures, and cyber-physical capabilities, and wherein the present invention enables and provides for the development of, and measurement of, any and all operational and system-software architectural combinations of performance and effects metrics and measurements of the system or system of systems implementation.
These and other features, aspects and advantages of the present invention will become better understood with reference to the following drawings, description and claims.
Embodiments will be described with references to the following drawing and figures, in which like numerals represent like items throughout the drawings and figures, and in which:
The invention is described with reference to the attached figures. The figures are not drawn to scale and they are provided merely to illustrate an instance of the invention. Several aspects of the invention are described below with reference to example applications for illustration. It should be understood that numerous specific details, relationships, configurations and methods are set forth to provide a full understanding of the invention. However, the dynamics and adaptability of the invention are virtually unlimited; i.e., the invention adapts to a given situation at any given moment in time and space. The invention adaptively tunes its architecture (operational and system/software) in near real-time to optimize mission outcomes and effects. This invention covers all possible dynamic and adaptable command and control and battle management configurations possible with the architecture. Further, the invention provides a system/SoSs software framework to integrate new capabilities and methods at all architectural levels; i.e., applications and infrastructure levels. This is typically done by applying agile software integration and development methods to rapidly address new requirements (e.g., emerging cyber threats).
This invention covers other and all applications for which it has applicability. Examples include, but are not limited to, business, virtual organizations that implement a business entity or other organizational forms, kinetic C2/BM of kinetic (physical) warfare operations, and computer or otherwise automated games and educational instruction using the architecture. The invention includes implementations that do not include the use of virtual technologies, a combination of virtual and non-virtual technologies and all non-virtual technologies. The architecture can be implemented with traditional organizations (i.e., without the use of the VO). The invention also includes all architectural patterns (e.g., client-server, centralized, distributed, peer-to-peer (P2P), peer processing architectures) and any combination that can be employed to implement the invention. The knowledgeable and/or ordinary practitioner will recognize the invention can be implemented with one or more of the methods and architectural patterns, operational architectural patterns or system/SoSs patterns. In other instances, the architectural patterns (operational or system/software) are not shown in detail to avoid obscuring the invention. The invention is not limited by the illustrated ordering of events, processes or configurations, as some events may occur in different orders and/or concurrently with other configurations or events. Furthermore, not all illustrated configurations or events are required to implement a methodology in accordance with the invention.
It should also be understood that the concepts (e.g., CyberOps Chain) and terminology used herein are for the purpose of describing particular embodiments, characteristics and properties of the system or SoSs and are not intended to be limiting of the invention as described above. The terms “CyberOps Chain”, “Kill Chain” and “Cyber Operations Analytical Framework” refer to the same processes, but have different context based on the current discussion (e.g., kill chain is used when the discussion refers to kinetic vice cyber operations). The Cyber Operations Analytical Framework terminology is used when the intent is to emphasize the analytical properties of the chains.
As used herein, the singular forms “a”, “an” and “the” can be intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, to the extent that the terms “including”, “includes”, “having”, “has”, “with”, or other variants thereof are used in either the detailed description and/or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising.”
Further, unless otherwise defined, all terms (including, but not limited to: technical, engineering, scientific, operational, system, SoSs, business, and military terms) used herein have the same meaning as commonly understood by one of ordinary skill in the practice to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries and acronym lists, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant practice and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Referring to
The 105 in
The invention generally concerns a method for communicating data in a computer network (e.g., in computer network 105 in
The 106.0-106.4 in
The configuration in
However, in this configuration all enterprise data is sent to the centralized databases at 203.0-203.2 and the large and smaller organizations access the centralized Cloud from their regional sites or geographical locations.
The CyberOps Chain is two (i.e., C2 and BM) integrated and continuous near real-time cycles, occurring to manage cyberspace operations across the cyber operational domain.
As in all phases of the CyberOps Chain, the framework provides architectural extensibility for the integration of new functional capabilities and applications (e.g., SA applications). This extensibility applies to all phases of the CyberOps Chain for the purpose of rapidly integrating new capability through an agile integration process with API modifications or new design and development. This “operational engineering and acquisition” is an inherent part of the invention because the framework itself was designed to accommodate rapid acquisition needs of the cyberspace operational environment (e.g., the invention includes an engineering cell and operational test bed). In
In
The Cyber C2/BM system architecture
In
One of the cyber capabilities the invention manages is cyber security controls. In
The implementation of this capability in the invention utilizes the publish and subscribe distributed R/T service in the C2/BM infrastructure service layer, 701 to publish cyber intrusion sensor data to SA database, i.e., virtual or shared data spaces,
The invention provides the software framework to integrate cyber and kinetic (cyber-physical operations). In
The invention provides a distributed near real-time architecture that simultaneously conducts C2/BM analytical framework processing at local sites
The centralized cylinder in the middle of
The cloud and cylinder at the bottom of the diagram, 905 and 906, are a centralized data store employing cloud technology. Note that this does not have to utilize cloud technology; any enterprise database management system (DBMS) can serve the purpose. This data store subscribes to all data across the enterprise, serves as a hot backup and supports forensic analysis. Update publications from the operational domains occur when new domain data appears in the local databases, but update frequencies can be adjusted per operational needs.
Referring to
The invention employs the Object Management Group's Data Distribution Service (DDS) specification standard. Currently, the invention is built with the OpenSplice, RTI, and Twin Oaks versions of DDS.
Referring to
Traditional operational architectures are typically based on hierarchical, report-to, centralized chain-of-command structures. These traditional hierarchical structures, the mainstay of traditional business and military organizations, have been shown to be unable to provide rapid dissemination of SA or information sharing within the planning and course-of-action (COA) generation timelines necessary to support effective command decisions while conducting cyberspace operations. Furthermore, they do not easily facilitate C2/BM processes across a distributed peer-to-peer environment.
The effective operational architecture that the invention implements to minimize or eliminate the deficiencies of the hierarchical layers characteristic of traditional command and control organizations and “report-to” C2 is a “virtual organization” (VO).
The invention can solve many of the difficult operational challenges in cyberspace operations (e.g., dynamically creating an organization command structure across organizational and network boundaries, and dynamically creating cells with tailored data, with the cyber capabilities for the emerging threat, and occupied by personnel with appropriate skills, all to optimize performance and effects). Furthermore, the VO can make operational SoSs architectural integration across commands and missions (e.g., kinetic integrated with cyber) rather easy.
The cyber C2/BM cells in
The Cyber C2/BM invention has two types of operational cells, static and dynamic. Further, either cell type can be a mission cell or a group cell, defined as follows: a mission cell executes one type of mission operation (e.g., intrusion detection, intrusion response, battle damage assessment, cyber protection); a group cell performs multiple missions (e.g., intrusion detection and intrusion response, or cyber protection, battle damage assessment and others, 1-n missions). Either type of cell can be dynamically created or can be steady-state (i.e., exist 24/7).
The static mission cell is illustrated in
From above, the dynamic cell
Typically this dynamically created team will be “hand-picked” to address the emerging threat or crisis. This is an example of the invention's property of “tuning” the architecture to optimize performance and effects (i.e., here, the commander or manager hand picks personnel highly skilled to engage the emerging threat, crisis or whatever the need may be). Note that the operational architecture not only includes organizations, their interfaces and processes, but also human intellectual capital (i.e., the level of knowledge, skills and abilities (KSAs)), which can have an impact on performance and effects.
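The cell formation described here and in the summary (a dynamic cell formed by comparing each cell's capabilities to the mission, then reformed when the mission is re-established) can be sketched as follows. This is an added Python example, not code from the patent or any DDS product: the `TopicBus` class is an in-process stand-in for a publish-subscribe service, and the greedy selection rule, the 1-3 KSA scale, and all cell, capability and topic names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(eq=False)
class Cell:
    name: str
    capabilities: frozenset
    ksa_level: int                       # assumed scale: 1 entry, 2 midlevel, 3 expert
    inbox: list = field(default_factory=list)


@dataclass(frozen=True)
class Mission:
    name: str
    required: frozenset                  # capabilities the mission needs
    topics: frozenset                    # mission-specific topics


class TopicBus:
    """In-process stand-in for a topic-based publish-subscribe service."""

    def __init__(self):
        self._subscribers = defaultdict(list)

    def subscribe(self, topic, cell):
        if cell not in self._subscribers[topic]:
            self._subscribers[topic].append(cell)

    def drop(self, cell):
        for members in self._subscribers.values():
            if cell in members:
                members.remove(cell)

    def publish(self, topic, payload):
        receivers = self._subscribers.get(topic, [])
        for cell in receivers:
            cell.inbox.append((topic, payload))
        return len(receivers)            # number of cells that received the data


def form_dynamic_cell(cells, mission):
    """Greedy cover: repeatedly pick the cell that supplies the most missing
    capabilities, breaking ties in favour of the higher KSA level."""
    uncovered = set(mission.required)
    pool, members = list(cells), []
    while uncovered:
        best = max(pool, default=None,
                   key=lambda c: (len(c.capabilities & uncovered), c.ksa_level))
        if best is None or not best.capabilities & uncovered:
            raise ValueError(f"no cell provides: {sorted(uncovered)}")
        members.append(best)
        pool.remove(best)
        uncovered -= best.capabilities
    return members


class CommanderCell:
    def __init__(self, bus, cells):
        self.bus, self.cells, self.members = bus, list(cells), []

    def establish(self, mission):
        """Form (or reform) the dynamic cell and rewire its subscriptions."""
        new_members = form_dynamic_cell(self.cells, mission)  # fail before teardown
        for cell in self.members:
            self.bus.drop(cell)
        for cell in new_members:
            for topic in mission.topics:
                self.bus.subscribe(topic, cell)
        self.members = new_members
        return [cell.name for cell in new_members]


def sample_cells():
    """Constructed sample cells; names and ratings are illustrative only."""
    return [
        Cell("id-east", frozenset({"intrusion_detection"}), 3),
        Cell("id-west", frozenset({"intrusion_detection"}), 1),
        Cell("ir-1", frozenset({"intrusion_response"}), 2),
        Cell("bda-1", frozenset({"battle_damage_assessment"}), 2),
        Cell("group-1", frozenset({"intrusion_detection", "intrusion_response"}), 2),
    ]


if __name__ == "__main__":
    bus = TopicBus()
    commander = CommanderCell(bus, sample_cells())
    respond = Mission("respond",
                      frozenset({"intrusion_detection", "intrusion_response",
                                 "battle_damage_assessment"}),
                      frozenset({"sensor/intrusion"}))
    print(commander.establish(respond))
    print(bus.publish("sensor/intrusion", {"event": "constructed alert"}))
```

Forming the new membership before dropping the old subscriptions means a mission that cannot be staffed leaves the existing dynamic cell and its data flow untouched.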
As described above 1503, 1504 and 1505 are dynamically created to optimize emerging mission outcomes and are consistent with
Traditional military C2 structures are centralized and hierarchical. In
The dynamic creation of SoSs C2/BM mission configuration is illustrated in
The C2/BM configuration is identical to
The dynamic cell creation in
Tuning the C2/BM architecture system/SoSs and operational architecture to high congruence for optimal effects is illustrated in
The invention includes a mobile agent environment and management systems as illustrated in
Agent 1902.0 detects an event consistent with the enterprise warning (i.e., cyber-attack event at 1903.0). Employing their DDS publish-subscribe capability, dispatched agent 1902.0 begins publishing results to intrusion sensors, 1904.0 and 1904.1 and notifying the ID cell's VSDS and its SA displays, 1901.1. The ID cell then begins coordination with the IR cell 1901.2. Simultaneously a cyber warrior joins all three operation cells virtually at 1905 in
The ID cell, 1901.1 utilizing the DDS services,
During the conduct and execution of cyber operations the fundamental goal is to maintain information superiority over one's competition or adversary (i.e., the ability to process and create decision-ready information faster and with better quality than one's opponent). It is the essence of information superiority. The
The x-axis quantifies the percent of cyberspace operations capabilities and resources applied (MOPs) and the y-axis is the percent information-centric value (i.e., information superiority) maintained or achieved (MOEs). The resources and capabilities include technology (e.g., a high performance, adaptable Cyber C2/BM system/SoSs), the CyberOps Chain (i.e., the analytical framework and the information value MOPs to MOEs chain), processes (e.g., best algorithms), data/information, and human intellectual capital (i.e., KSA levels); all are input variables informing the MOPs and MOEs and their criteria (i.e., all are elements of the operational and system/SoSs architecture).
The downward arrow and resultant graph 2001 illustrate one actor applying cyber attacks to decrease their opponent's information-centric value. As more and more cyber attacks occur against the opponent, the opponent's information-centric value (i.e., MOEs) and cyber performance (i.e., MOPs) decline. Simultaneously, however, the upward arrow and resulting graph 2002 illustrate the opponent's attempt to apply greater defensive countermeasures (MOPs) to increase information-centric value (MOEs) and neutralize the attacks. As the adaptive Cyber C2/BM system/SoSs operational and systems architectures are tuned to achieve greater and greater desired effects and performance (i.e., offensive and/or defensive), they reach a “knee” in the curve, 2001.1 and 2002.1. At this point on the graph, the MOPs to MOEs analysis yields the best effects and performance intersection. As the graph illustrates, beyond this knee in the curve, more performance yields lesser and lesser effects (i.e., achieving greater effects has a disproportionate cost in performance).
The information value MOPs to MOEs analysis chain (M2IVAC) is described in
1. Quality, Example MOP: Grade A-F or A=90-100 (4 points), B=80-89 (3 points), C=70-79 (2 points) and so on.
2. Quantity, Example MOP: 1-n count, defined dynamically by mission. A score of n equates to A (4 points); n-x equates to B (3 points)
3. Tools and capability evaluation score. Example MOP: Grade A-F or A=90-100, B=80-89, C=70-79 and so on. Standard 4-0 points apply per grade.
4. Timelines, Example MOP: seconds, minutes, hours; defined dynamically by mission. A score of A or 100 equates to some time, some delta time/range equates to B, and so on.
5. Training and readiness (T&R) assessment levels (score) based on performing mission essential tasks (METs)
a. Team: Example MOP: Degree of completion of MET, % Complete/Time equates to some score range 0-100/A-F/0-4 points; each level multiplies by weight 0≦1 per level of expertise.
b. Individual: Example MOP: Grade A-F on individual role in task, same as 1.
6. Certification levels
a. Individual, Example MOP: entry, midlevel, expert; equates to some number;
b. Team: Example MOP: Grade A-F, same as 1.
7. Adaptability: Performance of the System/SoSs and operational architectures (including operators' KSAs) employed to dynamically tune for high congruence to achieve the most optimal effects, Example MOP: Time to dynamically reconfigure (i.e., tune) the operational and system/SoSs architecture's implementation to achieve continuously improved outcomes; T=time, X=ΔT. ΔT is defined per mission requirements or for T&R assessments.
a. Tn≦x equates to A score (4 points);
b. Tn+1≦xΔt equates to B score (3 points);
c. Tn+2≦xΔt equates to C score (2 points);
d. Tn+3≦xΔt equates to D score (1 point);
e. Tn+4≦xΔt equates to F score (0 points);
Different mathematical models for Cyber MOPs to MOEs analysis can be used and will evolve as practitioners operate in cyberspace and use the invention. The invention accounts for their integration as new applications,
$X$ is any MOP criteria score, where the MOP criteria scores are $X_n$
$W$, with $0 < W \le 1$, is the weighted value of any given $X_n$
The MOP weighted value is $\mathrm{MOP}_w = X_n \cdot W_n$
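The weighted MOP value defined above and the “knee” of the MOPs to MOEs curve described earlier can be worked through together. The following Python is an added example, not part of the patent text: the D and F score bands, the use of grade points for X, the percent-of-maximum aggregate, the farthest-from-chord knee rule and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# (floor, letter, points). The A-C bands come from the criteria list above;
# the D and F bands are assumed, on the 4-0 point scale the text gives.
GRADE_BANDS = [(90, "A", 4), (80, "B", 3), (70, "C", 2), (60, "D", 1), (0, "F", 0)]


@dataclass(frozen=True)
class Criterion:
    name: str
    score: float    # raw 0-100 criterion score
    weight: float   # W_n, must satisfy 0 < W_n <= 1


def grade_points(score):
    """Map a 0-100 score to (letter, points)."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    for floor, letter, points in GRADE_BANDS:
        if score >= floor:
            return letter, points


def weighted_mop(criterion):
    """MOP_w = X_n * W_n, taking X_n as the criterion's grade points (assumed)."""
    if not 0 < criterion.weight <= 1:
        raise ValueError(f"weight must be in (0, 1]: {criterion.weight}")
    return grade_points(criterion.score)[1] * criterion.weight


def mop_percent(criteria):
    """Assumed aggregate: weighted points earned as a percent of the weighted maximum."""
    if not criteria:
        raise ValueError("no criteria supplied")
    earned = sum(weighted_mop(c) for c in criteria)
    possible = sum(4 * c.weight for c in criteria)
    return 100.0 * earned / possible


def knee_index(mops, moes):
    """Index of the sample farthest from the straight line joining the first and
    last samples, after scaling both axes to 0-1. Past this sample each further
    unit of MOP buys less MOE. Works for rising and falling curves."""
    if len(mops) != len(moes) or len(mops) < 3:
        raise ValueError("need at least three paired samples")
    dx, dy = mops[-1] - mops[0], moes[-1] - moes[0]
    if dx == 0 or dy == 0:
        raise ValueError("curve has no extent on one axis")
    gaps = [abs((y - moes[0]) / dy - (x - mops[0]) / dx) for x, y in zip(mops, moes)]
    return max(range(len(gaps)), key=gaps.__getitem__)


# Constructed sample data, for illustration only.
SAMPLE_CRITERIA = [
    Criterion("quality", 92, 1.0),
    Criterion("tools and capability evaluation", 85, 0.5),
    Criterion("individual T&R", 74, 0.5),
]
SAMPLE_MOP_PCT = [0, 20, 40, 60, 80, 100]   # percent of capabilities applied
SAMPLE_MOE_PCT = [0, 45, 75, 88, 95, 100]   # percent information value achieved

if __name__ == "__main__":
    for c in SAMPLE_CRITERIA:
        print(c.name, grade_points(c.score)[0], weighted_mop(c))
    print("aggregate MOP %:", mop_percent(SAMPLE_CRITERIA))
    k = knee_index(SAMPLE_MOP_PCT, SAMPLE_MOE_PCT)
    print("knee at MOP", SAMPLE_MOP_PCT[k], "% / MOE", SAMPLE_MOE_PCT[k], "%")
```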
Using criteria 6 as an example, an entry level operator has a lesser weighted performance value than a midlevel operator, and a midlevel operator less than an experienced operator. Considering criteria 7 as another example, distributed system architectures have identifiable and quantifiable performance characteristics and relationships. For example, everything else being equal, the implementation of a distributed system/SoSs employing a request-reply messaging model is known to be orders of magnitude slower in speed (timeliness) than a publish-and-subscribe messaging model. Operationally, it may be determined, given emerging threats, that one architectural pattern is weighted higher than another. Another example could consider the performance of a centralized C2 model vs. a distributed C2 model; the implementations of the two C2 models will have different performance capabilities. Centralized and distributed C2 configuration models are illustrated in
The intent of the invention is not to provide the metrics models or their technology designs or implementations, but rather the analytical framework
Sophisticated MOPs and MOEs metrics should be tailored to the event phenomena (e.g., class of attack) or target (e.g., server). One reason for this is that different computing patterns have different performance behaviors and effects outcomes because of their designs. For example, a relational database will inherently have different computing behaviors (e.g., performance) than an object-oriented database, or one implementation of a scanning tool may behave differently than another vendor's implementation of the tool. These behaviors and variances need to be reflected in MOPs to MOEs definitions and analysis models.
Information, 2100.2 is transformed into information context with MOPs metrics 2101.1 are provided and Inform SA, 2102 and identified as “decision ready” information. COA and mission execution is identified, but not discussed in detail here as it's not specifically germane to MOPs to MOEs analysis—execution has already occurred and SA will be updated with output from MOPs and MOEs analysis. See
Consider a denial of service (DOS) attack on a server. An example MOE: What was the level of server degradation or neutralization? (This is typically a percentage degraded measurement.) An example MOP: How long can we keep it at a certain state of degradation or inoperable? (This is typically a time measurement.)
This output information then updates the SA picture using feedback loops, see
$DM_m$ = Dynamic Mission Instantiation, where $m$ is any dynamic mission instantiation
$DC_d$ = Dynamic Cells, where $d$ is the number of dynamic cells integrated
$SC_s$ = Static Cells, where $s$ is the number of static cells integrated dynamically
$C_t$ = Total number of cells, where $t$ is the sum of $DC$ and $SC$ integrated into the dynamically created instantiation
$X_x$ = METs, where $x$ is the number of METs selected for the dynamic mission
$Y_y$ = Major Missions, where $y$ is the number of major missions integrated
$Z_z$ = Major Mission Sub-Missions, where $z$ is the number of major mission sub-missions instantiated
$DM_m = \sum X_x + \sum Y_y + \sum Z_z$ and $C_t = DC_d + SC_s$
As this dynamics integration occurs, static
At 2303.6 an event occurs that triggers the adaptable, dynamic creation process of cyber-physical SoSs integration with appropriate cells as illustrated in
A SoSs hypothetical scenario example integrating cyber C2/BM and kinetic (C2/BM global missile defense (GMD)) is illustrated in
- Square boxes are major command centers
- Ovals are operational cells associated with major command centers
- Non-square encased operators are missile defense related actions and activities
- Operators encased in boxes are cyber operators; symbols are cyber warfare related actions and activities
- Arrows indicate notification, exchange of data, coordination and other operational activities to ensure mission success
For this example scenario, it is assumed appropriate cyber C2/BM systems are in place and will perform at real-time cyber “opt tempo” speeds to exchange data, perform information handoffs, coordination, collaboration and planning. The numbers 1-5,
(1) Cyber warrior
(2) PACOM AOR C2BMC begins sharing of cyber and missile defense information and coordination with BMD Commander 2401.0 and BMD launch crew 2403.0. Cyber SA and implications of the cyber attack are shared and COA development begins. Additionally, cyber and network operators 2400.0, 2401.0, 2403.0 begin remediation of the attack, begin to analyze the effects of the cyber attacks and begin recovery of degraded capabilities.
(3) The BMDS Cyber Commander is coordinating missile defense COAs and cyber SA with launch crew 2405.0 and 20600.0. NORTHCOM is receiving cyber and missile defense SA updates and taking C2/BM control of the missile threat and launch. Simultaneously USCYBERCOM is being engaged and COCOMS are sharing cyber SA and other relevant information to plan COAs and engage the cyber threat.
(4) USCYBERCOM element 2404.0 engages the cyber threat and neutralizes the attack at elapsed time (E). At elapsed time (F), missile tracking has been restored. At elapsed time (G), tracking is confirmed and engagement of the missile threat is resumed.
(5) Missile launch crew 2403.2 engages with interceptor and at elapsed time (H) the incoming missile threat is neutralized.
(6) During engagement, DHS 2405.1 and DoD Cyber Cells 2404.1 are sharing cyber data (e.g., critical infrastructure cyber SA) with DoD Cyber Cell 2400.0 engaging cyber attackers that may be attacking CI communications vital to BMD.
The above is a hypothetical scenario and does not necessarily represent actual organizational alignments, command structure or order of battle. However, it is intended to illustrate the opt-tempo and speed of cyber-attacks and the coordination, sharing of information and collaboration of the invention. The invention enables national and joint integration of both a cyber and kinetic C2/BM simultaneously. The invention provides for this tactical, operational and strategic level of integration and asynchronous SoSs execution of the cyber-kinetic C2/BM analytical framework.
Sophisticated Cyber C2/BM will be integrated with kinetic C2/BM operations, providing a true system-of-systems architecture to enable net-centric (synergistic) effects across cyber and kinetic warfare operations. The third and final system architectural pattern is a peer-processing architecture. This is a special case of P2P in that it theoretically employs identical C2/BM software suites across an enterprise that coordinate and cooperate in a federated manner. The concept was pictorially illustrated in
The cells of the invention can be modeled and emulated as C2/BM system agents, both individually and collectively. Herein are representative definitions of Cyber C2/BM command structures. The invention includes all variances of this definition that can be implemented with the invention. To support C2/BM modeling, emulation and mathematical formulation, cells can be defined and informed using set theory. Sets are defined by their membership relationships and operations: unions, intersections and so on. The invention's cells are sets of cyber operations members. The cells' operational behaviors can be characterized by set operations. For example, its cyber mission members define a cell's membership (e.g., intrusion detection cell); that is, a set consists of members. Notation: $x \in A$ means that x is a member of set A.
In Set Theory diagrams like
Cyber C2/BM command constructs that support Cyber C2/BM agent-based modeling and emulation are defined. The invention's construct is consistent with, and augments, work done at NPS [D. Wijesekera, J. Michael, et al] by providing cyber-analogous Cyber C2 formal structures that can integrate with the formal BMD C2 structures defined in [D. Wijesekera, J. Michael, et al]. The formal Cyber C2 structures herein integrate and instantiate a SoSs BMDS C2/BM with the Cyber C2/BM invention. Policies for operating in this SoSs configuration are numerous, and all variants that are possible with the invention are included in the patent. The analytical framework to process the SoSs operational policies is illustrated in
Cyber Cell Commander Agent Definition: For the purpose of Cyber C2/BM modeling and emulation, commander cells are defined as commander agents. The invention's Cyber C2/BM operational architecture defines virtual cells that are analogous to cells in a typical military C2 organization. Each cell has a commander. Cells are deployed at the strategic level of command by a strategic cyber commander (SCC); operational level of command by a cyber operational commander (COC); and at the tactical level of command by a tactical cyber commander (TCC). The invention's architecture also provides for the “on demand” creation of dynamic cells and groups as defined earlier herein. These cells and groups have a commander [or leader in civilian organizations] as well, i.e., a dynamic cell commander (DCC). Our formal command structures definitions are intended to be highly adaptable with “on demand” dynamic structuring to meet the uncertainty of who may become an instant stakeholder (i.e., because cyber attacks are crossing organizational and network boundaries). This requirement demands the operational capability to create “on demand” Cyber C2 structures with associated operational process, tools, data, protocols and system capabilities,
Composing Dynamic C2 Structure Definitions: The invention's agents-based Cyber C2 formal structures that will be employed to emulate and model Cyber C2/BM system while executing the CyberOps Chain (I.e., analytical framework described earlier herein,
Cyber C2/BM Command Structures Definitions: In order to emulate and model the cyber C2/BM cells, their formal structures are defined. As we have discussed, herein, the cyber C2 cells can be organized as a hierarchical structure familiar to kinetic warfare operators, as the right side of
Consistent with [D. Wijesekera, J. Michael, et al], our SCC has a set of OCCs and each OCC has a set of persistent TCCs. All TCCs read the cyber sensor net (CyberSensorNet) in their network area of responsibility. They generate cyber situational awareness and share cyber sensor net summaries and execution assessment (ExeAssessSt) summaries with their persistent OCCs. As an example, execution assessments have three “states”: execution was “successful” or “partially successful” or “failed.” However, more sophisticated metrics are included in the invention. They apply at all levels of command too; summaries are tailored to the commander's needs at their respective levels. OCCs further summarize the cyber sensor net summaries and execution assessments from their TCCs and forward them to the persistent SCC, where a strategic summary is produced from the OCCs' inputs. The cyber operations chain (CyberOpsChnSt) has a state value that maps to each phase of the cyber operations chain described earlier (e.g., in execution state) and again applies at all levels of command; again, the difference is that the summaries are tailored to the commander's needs at their respective levels.
As earlier defined herein, the invention's C2 structures can have dynamic cells and groups that can be created across all levels as operationally required, each with its own commander (e.g., enhance operational effects through tailored coordination). Dynamic cells or group DCCs can read all information needed to perform their dynamic mission. They provide summaries of their dynamic missions in the same manner and protocol as persistent cells, but their summaries are tailored to their dynamic mission. For the purpose of this example, C2 structures are bounded by the formal definition below. This Pt recognizes as cyber C2 processes and policies evolve, this formal definition will become much more complex. We purposely excluded the cyber weapons from the formal C2 structure because they are applications that typically reside at the architectural application layer as illustrated in
Definition: A cyber “persistent” command and control structure is a 7-tuple ($ID_p$, sccID, occID, tccID, sccSchema, occSchema, tccSchema), where $ID_p$ is a finite set of identifiers that is unique to all entities in the Cyber C2 model. sccID, occID, and tccID are the identifiers of the SCC, OCC and TCC, and is satisfied by the following condition:
$ID_p = (tccID \cup occID \cup sccID) \cup \{CyberOpsChnSt, ExeAssessSt, CyberSensorNet\}$, where the sets on the right side are disjoint.
Definition: A cyber “dynamic” command and control structure is a 3-tuple ($ID_d$, dccID, dccSchema), where $ID_d$ is a finite set of identifiers that is unique to the “dynamic” Cyber C2 model. dccID identifies the DCC. DCC is defined as n!/k!, where n is the number of cell commanders and k is the pairing combinations created with “on demand” dynamic cell integration across C2 levels. The DCC is the highest ranking commander in the dynamic pairing and is satisfied by the following conditions:
$ID_d = (dccID) \cup (tccID \cup occID \cup sccID) \cup \{CyberOpsChnSt, ExeAssessSt, CyberSensorNet\}$, where the sets on the right side are disjoint.
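DCC pairings are defined as:
$DCC = \{DCC : SCC \in DCC \text{ and } OCC \in DCC \text{ and } TCC \in DCC\}$
or
$DCC = \{DCC : SCC \in DCC \text{ and } OCC \in DCC\}$
or
$DCC = \{DCC : SCC \in DCC \text{ and } TCC \in DCC\}$
or
$DCC = \{DCC : OCC \in DCC \text{ and } TCC \in DCC\}$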
Definition: The CyberOpsChnSt identifier is satisfied as follows:
CyberOpsChnSt(x, t): x is a state variable with values “situational awareness” or “planning” or “COA selection” or “execution” or “execution assessment” or “feedback” or “SA update.” These states correspond to the phases (or states) of the CyberOps Chain at any point in time (t).
Definition: The ExeAssessSt identifier is satisfied as follows:
ExeAssess(y, t): y is a state variable with values “failed” or “partial success” or “success” at any point in time (t).
Analogous to [D. Wijesekera, J. Michael, et al], sccSchema, occSchema, tccSchema are sets of well typed instances of the following:
SCC(id, myPeers, CyberOpsChnSt, ExeAssess, CyberSensorNet)
OCC(id, mySuperiors, myTCCs, CyberOpsChnSt, ExeAssess, CyberSensorNet)
TCC(id, mySuperiors, myOCC, CyberOpsChnSt, ExeAssess, CyberSensorNet)
DCC(id, myPeers(dccID), CyberOpsChnSt, ExeAssess, CyberSensorNet)
From [D. Wijesekera, J. Michael, et al], the well typedness of the schema instances is defined as follows:
1. All instances of myPeers in sccSchema are subsets of sccID.
2. All subordinate instances in sccSchema are subsets of $occID \cup tccID$ and all subordinate instances of occID are subsets of tccID
3. All superior instances in tccSchema are singleton subsets of $occID \cup tccID$ and all superior instances of occSchema are singleton subsets of sccID
4. All superior instances in dccSchema are determined by singleton subsets such that sccID>occID>tccID.
Again, derived from [D. Wijesekera, J. Michael, et al] Lemma 1 states some simple conditions satisfied by the cyber C2 structure.
Lemma 1: C2 structures satisfy the following conditions:
1. Every C2 structure is a forest of trees and peer structures simultaneously
2. Every tree in a C2 structure can have n levels iff there is at least one leaf in the tree and every path from a root to a leaf lists the agents in the order [SCC>OCC>TCC]
3. When DCC agents exist in the C2 structure, the order follows 2, starting with the highest level commander in the dynamically created leaf
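The persistent structure, the DCC pairings and the ordering in Lemma 1 can be checked mechanically before a cell structure is accepted. The following Python sketch is an added example, not code from the patent or from [D. Wijesekera, J. Michael, et al]; the `Agent` class, the function names, the constructed sample structure, the worst-state roll-up rule for ExeAssess summaries and the id tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

STATE_IDS = {"CyberOpsChnSt", "ExeAssessSt", "CyberSensorNet"}
RANK = {"SCC": 3, "OCC": 2, "TCC": 1}                    # SCC > OCC > TCC
REQUIRED_SUPERIOR = {"SCC": None, "OCC": "SCC", "TCC": "OCC"}
EXE_STATES = ["failed", "partial success", "success"]    # worst to best
ALLOWED_PAIRINGS = [{"SCC", "OCC", "TCC"}, {"SCC", "OCC"},
                    {"SCC", "TCC"}, {"OCC", "TCC"}]

@dataclass
class Agent:
    id: str
    level: str                          # "SCC", "OCC" or "TCC"
    superior: Optional[str] = None      # singleton superior, None for an SCC
    peers: set = field(default_factory=set)
    exe_assess: str = "success"         # ExeAssess state reported by this agent

def check_structure(agents):
    """Return a list of well-typedness violations (empty list = well typed)."""
    errors, by_id = [], {}
    for a in agents:
        if a.level not in RANK:
            raise ValueError(f"{a.id}: unknown level {a.level!r}")
        # Identifier sets must be disjoint: no id reused, none shadows a state id.
        if a.id in by_id or a.id in STATE_IDS:
            errors.append(f"{a.id}: identifier is not unique")
        by_id[a.id] = a
    scc_ids = {a.id for a in agents if a.level == "SCC"}
    for a in agents:
        if a.exe_assess not in EXE_STATES:
            errors.append(f"{a.id}: unknown ExeAssess state {a.exe_assess!r}")
        # Condition 1: myPeers of an SCC is a subset of sccID.
        if a.level == "SCC" and not a.peers <= scc_ids:
            errors.append(f"{a.id}: peers outside sccID")
        # Lemma 1, condition 2: each root-to-leaf path reads SCC > OCC > TCC,
        # so every non-root agent needs exactly one superior one level up.
        want = REQUIRED_SUPERIOR[a.level]
        sup = by_id.get(a.superior) if a.superior else None
        if want is None:
            if a.superior is not None:
                errors.append(f"{a.id}: an SCC is a root and has no superior")
        elif sup is None or sup.level != want:
            errors.append(f"{a.id}: superior must be one existing {want}")
    return errors

def dcc_for(members):
    """Pick the DCC: the highest-ranking commander in an allowed pairing."""
    if {m.level for m in members} not in ALLOWED_PAIRINGS:
        raise ValueError("pairing must combine at least two command levels")
    # A tie between equal ranks is broken by id (assumption, not from the page).
    return min(members, key=lambda m: (-RANK[m.level], m.id)).id

def roll_up(agents, root_id):
    """Summarize ExeAssess for root_id and its subordinates (worst state wins)."""
    states, frontier = [], [root_id]
    while frontier:
        current = frontier.pop()
        for a in agents:
            if a.id == current:
                states.append(a.exe_assess)
            elif a.superior == current:
                frontier.append(a.id)
    return min(states, key=EXE_STATES.index)

# Constructed sample structure: one SCC, two OCCs, three TCCs.
SAMPLE = [
    Agent("scc-1", "SCC"),
    Agent("occ-1", "OCC", "scc-1"), Agent("occ-2", "OCC", "scc-1"),
    Agent("tcc-1", "TCC", "occ-1", exe_assess="partial success"),
    Agent("tcc-2", "TCC", "occ-1"),
    Agent("tcc-3", "TCC", "occ-2", exe_assess="failed"),
]
```

Run `check_structure` first: `roll_up` assumes a well-typed forest and is only meaningful once the structure check returns no violations.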
The dynamic creation of SoSs C2/BM mission configuration is illustrated in
The C2/BM configuration is identical to
The dynamic cell creation in
Furthermore, the present invention includes system and system-of-systems (SoSs) architectures, methods and integration for dynamically and adaptively managing and executing, in near real-time (NRT), command and control (C2 Cycle: situational awareness, planning, course-of-action (COA) development and selection) and execution management or battle management (EM/BM Cycle: execution of the selected COA, assessment of COA execution, and update of SA via execution assessment, i.e., feedback loops) across a global cyber enterprise, global cyberspace, or an integration of cyber and kinetic across a global enterprise or global environment. The invention integrates, synchronizes and executes with kinetic operations, employing an adaptive and dynamic mixing and matching of capabilities for optimal effects, and in NRT adaptively and dynamically tunes the architecture implementation (invention) to measure and maximize effects. The methods involve execution of a Cyber Operations “CyberOps” Chain of interlocking C2 and EM or BM cycles, or the integration with a kinetic “Kill Chain”, defined in the Department of Defense, to integrate and effect optimal cyber/kinetic integration and mission outcomes (utility). A software framework rapidly facilitates new capability integration and adaptively and dynamically harmonizes its operational and system/SoSs architectures in NRT to optimize mission performance and effectiveness (e.g., resilience) through MOPs to MOEs (M2) analysis, employing an information value analysis chain (M2IVAC). The architecture can dynamically instantiate centralized or distributed C2 forms and other derived forms. Further, it can instantiate and manage multiple forms simultaneously. For the remainder of the discussion, BM will be used. The following diagram illustrates the first order integrated processes, i.e., the cyber and kinetic operational chains employed by the invention.
Note that they are identical syntactically, but the phases of the cycles are germane to their respective operational domains; because of this congruence, integration of cyber and kinetic is made more seamless.
Claims
1. A cyber command and control system for a global computing environment, comprised of:
- a plurality of global shared data spaces configured for selectively storing and retrieving cyber data according to a plurality of topics;
- a plurality of virtual cells and at least one commander cell, each cell having at a set of capabilities and at least one computing device electronically connected to at least one local shared data space, a suite of applications and a message platform, wherein each computing device is configured to selectively collect and message cyber data according to at least one mission-specific topic of the plurality of topics;
- the messaging platform configured to transmit messaged cyber data according to a predetermined message configuration;
- a system-of-systems architecture configured to (a) implement a peer-processing configuration across each shared data space, each computing device, and each suite of applications; and (b) implement a global sharing configuration of each local shared data space with the plurality of global shared data spaces; and
- a user interface integrating with each cell for the at least one commander cell to selectively establish (a) a predetermined mission that defines the at least one mission-specific topic; and (b) the predetermined message configuration.
2. The system of claim 1, wherein the plurality of global data spaces further includes a central data store across which the system-of-systems architecture is configured to implement the peer-processing configuration and the global sharing configuration.
3. The system of claim 1, wherein the plurality of global shared data spaces is virtual.
4. The system of claim 3, wherein the plurality of virtual global shared data spaces is cloud based.
5. The system of claim 1, wherein the predetermined message configuration is at least one of a publish-subscribe and a request-reply message configuration.
6. The system of claim 1, wherein the predetermined message configuration is a publish-subscribe message configuration.
7. The system of claim 1, wherein the predetermined message configuration is only a publish-subscribe message configuration.
8. The system of claim 1, wherein the predetermined message configuration is a request-reply message configuration.
9. The system of claim 1, wherein the system-of-systems architecture is configured to implement only the peer-processing configuration.
10. The system of claim 1, wherein the system-of-systems architecture is configured to implement only the global sharing configuration.
11. The system of claim 1, wherein the system-of-systems architecture is configured to implement only the peer-processing configuration, and only the global sharing configuration.
12. The system of claim 1, further comprising at least one dynamic cell formed from a portion of the plurality of virtual cells by comparing each respective set of capabilities to the predetermined mission.
13. The system of claim 12, wherein the at least one dynamic cell is reformed when the predetermined mission is re-established through the user interface.
14. The system of claim 13, wherein the user interface is configured to measure a performance output of the at least one dynamic cell.
15. The system of claim 14, further comprising an analytic database connected to the user interface, wherein the analytic database is configured to dynamically adapt the predetermined mission based in part on the performance and effects output.
16. A cyber-physical command and control system for a global computing environment, comprised of:
- a plurality of global shared data spaces configured for selectively storing, retrieving, publishing and subscribing to cyber-physical data according to a plurality of topics-based, and content-based and request-reply criteria;
- at least one centralized data store;
- a plurality of operational virtual or physical cells and at least one commander cell, each cell having at a set of missions and mission capabilities and at least one computing device electronically connected to at least one local shared data space, a suite of applications and a message platform, wherein each computing device is configured to selectively publish, subscribe, or retrieve cyber-physical message data according to at least one mission-specific topic-based, content-based or retrieve criteria of the plurality of topics and criteria;
- the messaging platform configured to transmit messaged cyber-physical data according to a predetermined message configuration;
- a system-of-systems architecture configured to (a) implement a peer-processing configuration across each shared data space, each computing device, and each suite of applications; and (b) implement a global sharing configuration of each local shared data space and centralized data store with the plurality of global shared data spaces and the at least one centralized data store;
- an operational architecture comprised of a virtual, physical, or combination of virtual and physical operational architecture;
- a user interface integrating with each cell for at least one commander cell to selectively establish (a) a dynamic mission that defines at least one mission-specific topic-based; content-based or request-reply criteria, and (b) the dynamic message configuration; and
- an analytical framework that enables the definition of, development of, and measurement of system architecture, operational architecture and more typically, integrated operational and system architectural performance and effects measurements; measure of static and or dynamic system or system of systems configuration.
17. The system of claim 16, wherein the cyber-physical command and control system forms and reforms command and control structure across disparate organizational and network boundaries with at least one commander cell and at least one mission cell.
18. The system of claim 16, wherein the cyber-physical command and control system dynamically subscribes, publishes or retrieves cyber-physical data, establishes at least one commander cell, at least one, or plurality of mission cells, and capabilities is based on predetermined mission requirements or emerging requirements to optimize and measure performance and effects.
19. The system and system of systems of claim 16, wherein the cyber-physical command and control system statically or dynamically establishes any and all integrated or non-integrated combinations of cyber-physical data, cell organization and relationships, C2 forms and structures, and cyber-physical capabilities.
20. The system and system of systems of claim 19, wherein the cyber-physical command and control system enables and provides for the development of, and measurement of, all any and all operational and system-software architectural combinations of performance and effects metrics and measurements of the system or system of systems implementation.
Type: Application
Filed: May 23, 2016
Publication Date: Nov 24, 2016
Inventor: John SARKESAIN (Ashburn, VA)
Application Number: 15/161,907