A soldier from the 3rd Brigade Combat Team (BCT), 10th Mountain Division uses Capability Set (CS) 13 equipment at Fort Drum, N.Y., on Oct. 10. (Photo by: Claire Heininger, U.S. Army)

AUSA: Defense contractor Peraton is currently developing network operations capabilities meant to integrate myriad sensors and data feeds to provide better visibility across the Army’s envisioned unified network — and to simplify the technical complexity.

“There’s probably 1,000 companies that have fielded stuff into the DoD [network] to do either sensing or feeding,” Jennifer Napper, Peraton’s VP of Army Cyber Business, told Breaking Defense this week at the Association of the United States Army’s (AUSA) annual meeting. “Today, because a lot of the ways things have been fielded in the past, things that were fielded came with their own network operations capabilities. […] This tries to make sense out of all of that in one pane of glass. This integrates all those sensors across the network and the current data being fed into something that’s usable.”

The Army rolled out its Unified Network Plan (UNP) last week, which is part of a broader initiative the Army says is its “most expansive modernization program in 40 years.” The goal is to enable Multi-Domain Operations (MDO), meaning the ability to “operate, compete, and, if necessary, fight and win in all domains — air, land, sea, and cyberspace,” according to the UNP.

The bedrock of this effort is the network, Army leaders have said. The fundamental challenge ahead for realizing MDO is to stitch together the Army’s resources and capabilities — from soldiers and tanks to software and fires — via the unified network, from cloud to edge. But the unified network also must be secured and resilient against highly capable near-peer cyber adversaries, and network operators can’t secure assets or mitigate threats against them if they don’t have visibility across the network.

Enter Peraton and its current effort to develop unified network operations capabilities, which will provide “a visualization of [the Army’s] networks and its security from the battlefield up into Army Cyber [Command],” Napper said.

The work was awarded to Peraton’s applied research organization, Peraton Labs, about a month and a half ago as a task order under a General Services Administration OASIS (One Acquisition for Integrated Services) contract, Napper said. The project is part of Peraton’s broader, ongoing $905 million program supporting cyberspace operations for Army Cyber Command. The company said it has increased total revenue from $1 billion to $7 billion in the last year alone.

“This is a hard problem, so it’s not going to go to a [product] vendor. It’s going to go to a lab with really smart folks,” Napper said, pointing to what she said were scores of Peraton Labs employees who hold both security clearances and doctorates.

Napper likened the capabilities being developed to those commonly found in network operations centers (NOCs) and security operations centers (SOCs). In the commercial world, an organization may have a NOC but not a SOC, or vice versa. Not so in the military.

“In the DoD, we can’t afford for [the NOC and SOC] to be separate,” Napper noted. “It has to be in the same place at the same time to understand what’s really going on in the network. Is it an outage of a piece of equipment or an adversary interfering? You have to know that in near real time.”

The crux of the Army’s unified network challenge, like that facing all the services and the DoD more broadly as it builds out the Joint All Domain Command and Control (JADC2) concept, is integration.

And the task before Peraton is hardly a simple one. Networks are complex systems, so their complexity does not grow linearly with size. As a network expands, the complexity of managing it scales exponentially, including the task of managing all the data generated by disparate sensors and feeds.

Security analysts who work in SOCs have long complained about “alert fatigue” due to the increasing volume of data that must be analyzed, prioritized, and acted upon. One particular pain point for human analysts is sorting real threats from false positives amid a never-ending deluge of data. This is a problem that artificial intelligence, machine learning, and automation are well suited to help solve, if scientists and technologists can get it right.

“You cannot [defend the network] without a really good understanding of the data and doing all the things that have to be done by the smart data scientists and then use machine learning to get smarter every time,” Napper observed. “So long term, when you start getting all that information in one place, you can train your machines. The machines will learn and then you can have them make the decisions on that 90% of the alerts. Go fix it. Automate it. And then maybe someday 95% or 99% and then you only have the people act on the things way at the top.”

A key piece of making this AI, machine learning, and automation use case effective is using data to establish baselines for what is normal and then focusing on flagging and investigating anomalies. This is why anomalous behavior detection is a key capability in zero-trust architectures.
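As an added illustration of the baseline-then-anomaly approach described above and of the alert-triage split Napper sketches (closing most alerts automatically and leaving only the top of the pile to people), here is example code written for this page; it is not Peraton's, Peraton Labs', or the Army's software. It builds a per-host baseline (mean and standard deviation of hourly outbound connection counts), z-scores new observations against it, and sorts them into tiers: closed automatically, handed to automation, or escalated to an analyst. The host names, counts, and thresholds are all constructed assumptions, and a host with no baseline at all is escalated rather than silently scored.

```python
"""Baseline-and-anomaly alert triage over constructed NetOps telemetry.

Added example for this page, not code from Peraton or the Army. Every host,
count and threshold below is a constructed assumption for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline telemetry: (host, hourly outbound connection count),
# one week of "normal" hours per host.
BASELINE = (
    [("fileserver-01", n) for n in (120, 115, 130, 125, 118, 122, 127)]
    + [("workstation-17", n) for n in (8, 12, 9, 11, 10, 7, 13)]
    + [("sensor-gw-03", n) for n in (40, 40, 40, 40, 40, 40, 40)]  # constant rate
)

# Constructed new observations to triage.
OBSERVATIONS = [
    ("fileserver-01", 128),    # within normal variation
    ("workstation-17", 55),    # many sigma above its baseline
    ("sensor-gw-03", 41),      # tiny deviation on a zero-variance host
    ("sensor-gw-03", 45),      # moderate deviation on a zero-variance host
    ("unknown-device-9", 3),   # asset with no baseline at all
]

MIN_SIGMA = 1.0     # floor so a zero-variance host cannot divide by zero
AUTO_CLOSE_Z = 3.0  # |z| below this: treated as normal and closed automatically
ESCALATE_Z = 8.0    # |z| at or above this: routed to a human analyst


def build_baseline(records):
    """Per-host (mean, stddev) of the training counts, stddev floored at MIN_SIGMA."""
    per_host = defaultdict(list)
    for host, count in records:
        per_host[host].append(count)
    return {h: (mean(v), max(pstdev(v), MIN_SIGMA)) for h, v in per_host.items()}


def score(baseline, host, count):
    """Z-score of an observation against its host baseline; None if the host is unknown."""
    if host not in baseline:
        return None
    mu, sigma = baseline[host]
    return (count - mu) / sigma


def triage(baseline, observations):
    """Sort observations into tiers: auto_close, automate, escalate."""
    tiers = {"auto_close": [], "automate": [], "escalate": []}
    for host, count in observations:
        z = score(baseline, host, count)
        if z is None:
            # No baseline means no basis for "normal": a human decides.
            tiers["escalate"].append((host, count, None))
        elif abs(z) < AUTO_CLOSE_Z:
            tiers["auto_close"].append((host, count, round(z, 2)))
        elif abs(z) < ESCALATE_Z:
            tiers["automate"].append((host, count, round(z, 2)))
        else:
            tiers["escalate"].append((host, count, round(z, 2)))
    return tiers


def automation_rate(tiers):
    """Fraction of observations handled without a human (auto_close + automate)."""
    total = sum(len(v) for v in tiers.values())
    handled = len(tiers["auto_close"]) + len(tiers["automate"])
    return handled / total if total else 0.0


if __name__ == "__main__":
    result = triage(build_baseline(BASELINE), OBSERVATIONS)
    for tier, items in result.items():
        print(tier, items)
    print("automation rate:", automation_rate(result))
```

The thresholds are deliberately two-sided (abs of the z-score) so that a host that goes unusually quiet is flagged just as a host that gets unusually busy is; in a NOC-plus-SOC setting that distinction is exactly the outage-versus-interference question Napper raises, and the tiering only decides who looks at it, not what caused it.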

But, ultimately, there is no single product, tool, or capability that will provide unified network operations or zero-trust security.

“There’s no tool that’s going to save the world, so we’re working on integrating the tools that work best for the networks that [the Army has] into one single pane of glass,” Napper said. “If there’s one thing DoD and industry have done, it’s try a whole bunch of different tools over the last 10 to 12 years. What we have to do now is string them all together to show which ones work best for the capabilities the Army needs today and divest the ones that they don’t need.”