On a Quest to Field Better Cyber Awareness Tools for Warfighters

March 2019
Topics: Cybersecurity, Software (General), Army Operations, Network Security, Military Operations (General)
Today, it's as likely warfighters will be fighting attacks within their networks as in the physical world. That's why an Army center partnered with MITRE on a cybersecurity tool that puts key data into a usable context, to consider for the field.
Army personnel looking at computer screens

U.S. Army soldiers participating in Cyber Quest 2018 monitor activities in the field. (U.S. Army photo by Spc. TaMaya Eberhart)

Cyberattacks by adversaries could cripple the networks and systems our nation's warfighters rely on to protect themselves and to project power on the battlefield. As part of a range of approaches to counter such threats, the U.S. Army Cyber Center of Excellence hosts a yearly major exercise called Cyber Quest. For several weeks, the military and allies test emerging cyberspace and electronic warfare technologies in the field.

During Cyber Quest 2018, the Army Cyber Center of Excellence invited MITRE employees to help Army cyber protection teams field test CMIT—Cyber Electromagnetic Activities (CEMA) Situational Awareness Tactical Analytics Framework (C-STAF) Mission Impact Tool—and with good reason. CMIT is built on and extends the capabilities of MITRE's CyGraph cyber data collection, analysis, and decision-support tool.

"Cyber Quest is like the Army's short list of what they think are good candidates for fielding in the near term," says Steve Noel, a MITRE cybersecurity engineer.

A Cyber Tool with a Critical Difference: Context

CMIT is a software tool for improving network security posture, maintaining situational understanding in the face of cyberattacks, and focusing on protecting mission-critical assets.

What's different about CMIT compared to other software tools?

For one thing, there are tools that provide some cyber data and others that enable the operator to see vulnerabilities in network diagrams and systems.

"With CMIT, the big thing is the ability to view information in context," says Steve Purdy, a MITRE software systems engineer and former Army Signal Corps officer. He and Noel demonstrated CMIT together at Cyber Quest 2018.

"Not many technologies bring all of that information together in a way that lets you make decisions," Purdy adds. "CMIT operationalizes cyber data, which is a key sponsor need."

CMIT combines isolated data and events to provide Army cyber protection teams with an overall picture for situational awareness and decision support. It offers an analysis dashboard that allows operators to formulate and submit queries and visualize the results.

CMIT's predecessor, CyGraph, was created under MITRE's independent research and development program. Discussions between MITRE and the U.S. Army Combat Capabilities Development Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center led to Army personnel identifying CyGraph as a candidate technology they could build on to map dependencies among information technology assets. CMIT was born.

Based at the Aberdeen Proving Ground in Maryland, C5ISR Center is the Army's information technologies and integrated systems center. We support C5ISR Center by developing and delivering tools such as CMIT.

MITRE and C5ISR Center furthered the CMIT concept through experimentation with warfighters. This work occurred as part of the C-STAF Science & Technology Objective, initiated by C5ISR Center to tackle cyberspace technology challenges.

Steve Noel and Steve Purdy discuss how CMIT, which began as a research project called CyGraph, may prove useful to U.S. Army cyber operations.

Tested and Proven in the Field

MITRE joined defense contractors, cybersecurity vendors, and government labs in providing technology and products for the Cyber Quest field exercise. The event took place at Georgia's Fort Gordon, which houses the Army Cyber Center of Excellence.

"We were embedded an entire week with the cyber defenders full time," Noel says. "They operated our tool, but we were there for reach-back if they had questions. We put CMIT in front of cyber operators in a tactical environment with red-team adversarial attacks. They used our tool within the real environment, doing real defense with it."

The response from the Army cyber protection teams was constructive, Noel adds. "We got a lot of great feedback from them, and a nice list of improvements for the future."

Afterward, the teams asked for copies of CMIT, and our staff is now working with C5ISR Center to transition it from a research pilot to an Army program of record.

User Feedback Declares CMIT a "Success Story"

"Steve Noel and the team have done a great job on CMIT, from its inception in our research program, and now as it's transitioning to the Army," says George Roelke, who leads our cybersecurity research program.

"CMIT is part of a larger, sustained focus in our research program. We want to enable cyber defenders to understand the mission impacts of cyber events and to use the information to make better decisions."

The team continues to work with other researchers at MITRE to extend CMIT and increase its impact on real problems, he notes. "This will make CMIT even more useful to sponsors in the future."

The final word goes to Chris Paprcka, a lead engineer for C5ISR Center and the C-STAF Program Manager.

"Warfighters used CMIT during Cyber Quest 2018 and provided lots of positive feedback about how it helped them to understand the dependencies between IT assets, and the potential impacts of a cyber attack."

--by Jim Chido

Explore more at MITRE Focal Point: Cybersecurity.


Publication Search