The MITRE Digest
MARIAAN Helps the Air Force "Fight Through" Cyber Attacks

November 2009

For the Air Force, "fighting through" an attack doesn't always involve jets or missiles. Often, "attacks" take the form of virtual strikes on all-important computer networks. Fighting through in such cases means ensuring that operations can continue in spite of threats that jeopardize critical missions.

With the uptick in online communications such as live chat between ground-based commanders and aircraft, the Air Force faces an increased risk of cyber-warfare attacks and related data security breaches. These additional communications channels offer more opportunities for hackers to break into and siphon important information from vital computer systems.

The issue was highlighted this year, when widespread cyber attacks adversely affected some daily missions of several government agencies, including the Treasury Department, the Secret Service, the Federal Trade Commission, and the Department of Transportation. Breaches such as these could imperil critical operations and even put lives at risk.

To reduce that risk, MITRE researchers are developing security solutions that will enable the Air Force to fuse important mission information with details about security breaches as they occur. One prototype solution enhances Air Force information assurance capabilities by delivering critical security alerts to warfighters in the field. Armed with that information, they can more easily respond to data security threats in real time.

The solution—a software and sensor toolset known as "Mission Aware Reporting of Information Assurance for Airborne Networks," or MARIAAN—can be customized to work on a variety of Air Force communications network enclaves, including on bandwidth-constrained, forward-deployed, ground-based networks known as "enclaves," and on airborne communications platforms. Such networks sometimes operate in geographically remote locations and are challenging to secure and monitor due to both physical and technological constraints.

MARIAAN will help warfighters to continue operations through cyber attacks, explains Rosalie McQuaid, the MITRE principal information security engineer who leads the project.

Strengthening Defenses for the Global Information Grid

"The extension of Internet protocol-based communications to the tactical edge—airborne and enclave networks—introduces new cyber-threat entry points into the Global Information Grid," she explains. (The Global Information Grid, or GIG, is the Department of Defense's globally interconnected set of capabilities for sharing information on demand among warfighters, policy-makers, and support personnel.)

One challenge in protecting military networks is that existing information assurance techniques do not take into account specific details about ongoing, real-world missions. "Connecting the actual missions to likely cyber threats is critical for mission success and improved situational awareness for warfighters," McQuaid explains.

That's where MARIAAN comes in. The prototype works by correlating "information assurance events"—data about potential security breaches—with mission details such as asset dependency, criticality and location. The information about these events is then distributed within and among selected users on Air Force enclave and airborne networks. MARIAAN assesses mission impact and suggests simple actions to help ensure that critical mission functions can continue.

Ensuring Security Within a Broad Mission Context

"Enclaves don't operate in a vacuum," McQuaid says. "While warfighters using a particular enclave have a specific mission, they also work in a broader mission context that involves other enclaves, resources, and capabilities," she says. "This means that sharing security information between enclaves is necessary to provide overall situational awareness and has a direct connection to mission assurance in terms of managing risks from cyber attacks."

MARIAAN takes advantage of another capability developed with help from MITRE, called Common Event Expression (CEE). CEE helps to provide a bandwidth-efficient means of communication between enclave networks and central, ground-based Air Force monitoring facilities. It also provides a standard means of conveying security event data (providing a standard format for notification) within Air Force networks. CEE, now in development by MITRE along with software vendors, researchers, and end users, aims to standardize the representation and exchange of logs from electronic systems. Such consistency will allow for improved security monitoring of those systems.

Putting the Prototype Through Its Paces

To test the prototype, MITRE engineers are participating in collaborative experiments at Hanscom Air Force Base in Bedford, Mass., and at other Air Force test sites. Plans are also underway to apply MARIAAN to non-airborne domains such as small mobile networks and small forward-deployed networks.

Earlier this year, the prototype was put through its paces in a "live-fly" experiment at the Joint Expeditionary Force Experiment (JEFX) 2009 event, sponsored by the Air Force and held several times each year as a proving ground for emerging command and control technologies. During the JEFX event in March, MARIAAN was deployed as part of a test of a toolset known as Sensor Event Analysis Visualization Response (SEAVR). SEAVR will allow Air Force personnel working in air operations centers to monitor the security status of all Internet protocol-based communications activities undertaken by commanders and aircraft in the field. (For more information on the JEFX test, see sidebar.)

As the research continues, McQuaid and her team are focused on the big picture: the potential for the prototype to deliver capabilities to warfighters that could protect mission goals, she says. "We're encouraged by our progress," she says. "This could be part of the solution that allows mission commanders to access information about the consequences of cyber attacks and gives them options for responding when such attacks threaten mission success."

—by Maria S. Lee
Page last updated: November 20, 2009