Thursday, January 01, 2009

What does a National Cyber Range do?

This week Aviation Week ran a story called DARPA Unveils Cyber Warfare Range. The article quotes Rance Walleston, the director of BAE Systems' Information Operations Initiative:

“It’s hard to know what you are actually going to get from a test in a laboratory against five computers when the capability you need has to function against five million computers,” he continues. “There’s nowhere to test that, so DARPA’s trying to put together a range with fidelity in many dimensions — such as the number and types of nodes and how they’re connected — so that you can accurately determine the effectiveness of some tool. The real trick will be how quickly you can upgrade the range to deal with changing threats.”

If you are wondering, as I was, "so what will that really look like?", the media has been all over the place with this one. InfoWar Monitor claimed "The agency's National Cyber Range for cyberwar simulation would be similar to Star Trek's holodeck or a Snow Crash-style Metaverse". Noah Schiffman wrote in his Security Phreak blog that the project would cost "an estimated $30 billion", and got Slashdotted quite a bit for calling the project "Doomed to Failure". (Interesting that one project could cost $30 billion when DARPA's entire appropriation for FY09 was a little over THREE billion; see Department of Defense Appropriation FY09: "The fiscal year 2009 budget request for DARPA is $3,285,569,000, an increase of $326,493,000, more than 10 percent, over the fiscal year 2008".)

I did a couple hundred pages of reading, so you, gentle reader, won't have to . . .

So how did this come about?

It started back in November 2007 with a call from DARPA's Michael VanPutte, a Program Manager in their Strategic Technology Office. They gave a two-month comment period for people to describe what they thought a Cyber Range should do (see: Request for Information on Cyber Network Range Capabilities (CNRC)). Whatever responses they got were used to help decide what the requirements for a National Cyber Range should be, and the first pass at asking for proposals to build one came on May 5, 2008. That request asked for quick responses (deadline June 30, 2008) from people who might be able to build something like it. The idea was that DARPA would fund several competing teams to see who could come up with something worthy of major long-term funding. A Proposers' Day Workshop was held on May 13-14, 2008 at the Hilton Washington Dulles, with a review of classified requirements for proposers the previous day at the Schafer Corporation.

The requirements that were shared that day boiled down to:

  • Conduct unbiased, quantitative and qualitative assessment of information assurance and survivability tools in a representative network environment.
  • Replicate complex, large-scale, heterogeneous networks and users in current and future Department of Defense (DoD) weapon systems and operations.
  • Enable multiple, independent, simultaneous experiments on the same infrastructure.
  • Enable realistic testing of Internet/Global-Information-Grid (GIG) scale research.
  • Develop and deploy revolutionary cyber testing capabilities.
  • Enable the use of the scientific method for rigorous cyber testing.

Proposers' Day opened with a 2.5 hour briefing on the project; proposers could fill out Q&A cards, which were then addressed during the afternoon session.

The following day was for people looking for team members to pitch what they had to offer and what they were looking for in order to build a successful proposal team.

The solicitation gave a number of objectives, including the ability to replicate and operate large-scale military and government network enclaves, commercial and tactical wireless and control systems, and a way to rapidly prototype, deploy, monitor, and evaluate tests and new research protocols.

The Solicitation boiled down to three phases:

Phase I - Design Objectives: Proposers had at most six months to reach a Preliminary Design Review (PDR) which would show that they had an initial conceptual design that could be developed into detailed engineering plans and a workable Concept of Operations (CONOPS). Proposers who passed Phase I would receive funding to move into Phase II.

Phase II - Prototype Objectives: Proposers must then demonstrate a working prototype, including:
- deploying two different host node recipes
- creating new recipes
- rapid testbed reconstruction
- test management
- time synchronization and auditing
- data collection tools, including packet captures, event log captures, malware event collection, and automated attacks
- a traffic generation system including incoming and outgoing email, automated port scanning, automated attacks, and simulated HTTP and other traffic
- human "replicants" who simulate the use of software products, browsers, media players and email clients
- replicated inter-enclave communication channels
- aggregating all sub-nodes into one large test bed
- dynamically freeing resources from one test and reassigning them to another

When it's all done, what will it be able to do?

Phase III: National Cyber Range Objectives:

One of the Phase II Demonstrators would be picked to fully deploy the National Cyber Range to meet the following objectives:

Operational Resources - physical facilities, utilities, HVAC, security

Administration Resources - certification/accreditation, CONOP development, security management, test scheduling, operation of range processes

Demonstrations - facilities to demo for audiences of up to 30, with separate rooms for test control teams, the Test Director, and OpFor (Opposing Forces)

Node Replication - realistic replication of connections, hardware, and endpoints (firmware, hardware, software, apps)

Recipes - "a variety of node configurations" that would handle most potential operating environments

Network Technologies and Support - (make the network look like any network)

Protocols and Services - (allow the network to run any protocols)

Scalability - be able to deploy everything from single devices to tests incorporating several thousand nodes.


- Provide automated pre-test planning support
- Enable automated resource allocation based on needs and priorities
- Support both short (1 week) and long (6 month) research programs
- Provide a means to rapidly and securely de-obligate test resources after tests
- Enable free resources to be pooled and allocated to low priority, non-interactive, batch tests
- Provide a knowledge management suite for lessons learned (both within and across tests)
- Provide a means to incorporate additional technologies


Facilitate the Test Director's activities by providing a palette of resources available, as well as products to assist in pre-test planning, test execution, data collection, post test analysis and closeout support.

Provide a knowledge management repository

Provide an automated means to configure, instrument, initialize, and verify assigned testbed resources

Provide means to execute, monitor, pause, continue, and stop tests.

Provide means to rapidly reset, modify and restart tests

Provide range validation with user-defined scripts

Support both interactive and batch testing paradigms


Tests must be monitored for both quantitative and qualitative assessment, including instrumented monitoring and observer/controller evaluation and analysis


Provide a number of highly skilled, experienced network engineers, system administrators and domain administrators, with rapid response times and a trouble ticketing system to track assistance requests.


Allow either human players or automation to fill the roles of:
- Opposing Forces (OpFor), covering sophisticated cyber activity, defensive computing to protect national assets, and computer network attack, with OpFor-controlled facilities isolated from the Test Director's team
- Team Integration
- Traffic Generators
- Human Actor Replicants and Program Activators (host-based)


Deploy and/or replicate: LANs, WANs, wireless of all sorts, intermediate routing, C4 systems (military Command, Control, Communications, and Computers), US and foreign military communications infrastructures (including satellite/satcom, maritime, tactical, and Mobile Ad Hoc Networks (MANETs)), and US and foreign military net-centric assets (including Unmanned Aerial Vehicles, weapons, and radar systems)


Develop technology to accelerate or decelerate test time relative to wall-clock time


Comply with all Security Classification Guidelines

WOW. OK, that sounds very cool. Where are we right now?

Some folks are already hiring to help build out their Phase II. For instance, CTC: Senior Systems Engineer, and L-3 Global Security and Engineering Solutions: Senior Systems Engineer, which was posted just yesterday. The latter wants someone with 17 years of experience (14 if you have a PhD) to:

Participate in development of the Concept of Operations and prepare Preliminary Design Review (PDR) for large scale, multi-level secure, multi-floor National Cyber Range (NCR). Apply Cyber Security engineering and Computer Forensics technology in design of a test bed (Range) capable of supporting multiple, simultaneous, segmented tests of emerging and future defensive and offensive Cyber technology. Plan, organize and structure operations of the Range. Specify staff roles, technical skills, training and certifications required to meet operational requirements.

Manage layout and physical design of facility and development of Test & Evaluation (T&E) processes. Coordinate pre-approval of Range physical and information security certifications and procedures during PDR development.

Do you believe? It might be a great time to get a great job!

Link: NCR Proposers' Day Briefing
