In the realm of cyber defense, timing is critical ... An immediate, structured response to a cyber incident can make a critical difference in mitigating an attack. In order to meet this challenge, faculty and students at the Naval Postgraduate School (NPS) have spent the last two years working on the tools frontline operators need to do just that.
Over that time, several students in the university’s Master of Cyber Systems and Operations and Master of Applied Cyber Operations (MACO) programs have left their mark on the Cyber Defense Operational Sequencing System (CDOSS) project. CDOSS is an effort to develop a set of properly sequenced standard procedures that give Sailors immediate and follow-on actions in the case of an incident, mirroring what a cyber expert would do.
NPS Director of Information Warfare and Innovation, U.S. Navy Cmdr. Pablo Breuer, plays a lead role in the project, guiding his team of students in the development of this intricate set of cyber defense countermeasures in hopes of improving the fleet’s shipboard cyber capabilities.
“Everyone these days deals with computers, and when most of us think about a computer, we think about a desktop or a laptop. But most of us don’t realize, even things such as our cars have about 40-50 computers and 100 million lines of code,” said Breuer. “The same thing happens on a Navy ship. The engineering systems, the combat systems, the fire control systems, all of these things have computers in them and our Sailors’ lives and missions rely on these things.”
CDOSS operates as a list of cards containing tools, tactics and techniques, providing Sailors a way to identify and correct casualties in computing systems without having a background in computer science.
“When I was first commissioned, I worked as a Boiler’s Officer when the Navy still had Boiler Technicians, and even though none of them had experience in thermodynamics or mechanical engineering, they kept the plant running,” said Breuer. “They were able to do this because of an Engineering Operational Sequencing System, or EOSS, that told them how to mediate casualties. This inspired me to create a more universal system because, as time went on, ships, like the rest of the world, began to rely more heavily on computers.”
CDOSS gives unit commanders organic capabilities to continue on mission and rely less on the Navy Cyber Defense Operations Center (NCDOC) and similar cyber support groups. The effort is in direct accordance with Commander, Fleet Cyber Command and Commander, U.S. Tenth Fleet, Vice Adm. Michael Gilday’s call for a decentralization of the Navy's cyber operations.
"We can’t move terabytes of data back to a central location in order to do aggregation and collection," Gilday said during the AFCEA West conference in February 2017. “Those analytics have to be distributed as well, and the force must be decentralized, much like how the fleet fights in a distributed manner.”
During its development, Breuer and his team looked to the Navy’s Consolidated Afloat Networks and Enterprise Services (CANES) program, which is the Navy’s next generation tactical afloat network. CANES represents the consolidation and enhancement of shipboard network programs to provide a common computing environment for more than 40 command, control, intelligence and logistics applications.
“The first thing we had to figure out was what tools do we have on Navy units to support this, and we did this by taking a standard CANES installed computer system on a destroyer and found that there was an unused computer network intrusion detection system on all CANES installed networks,” said Breuer. “Once we did some network discovery, the next step was to take this new tool and figure out how we should configure it. Now that we know what we have and what we are looking for, we can summarize ways to mediate any issue we may come across.”
Breuer, who graduated from NPS’ Department of Computer Science in 2008, said he and his team of students were able to use experience and opportunities gained on campus, which he calls a “nexus of advanced research for the Navy,” to better get the CDOSS project off the ground.
“It was personally very satisfying knowing that what I was working on as an NPS degree requirement would have a direct and immediate impact in the fleet,” said Chief Warrant Officer Robert Labrenz, an NPS alumnus who contributed to the project during his studies in the MACO program.
“While working on CDOSS, I was able to employ a unique perspective from my enlisted experience to forge an important piece of the overall project, in order to produce a product that a junior enlisted Sailor could read, understand, and put to use in defending the network,” he added.
After two years of development and research, nine student theses on CDOSS have been released, and the product is being reviewed by both NCDOC and surface forces, paving the way for upcoming follow-on fleet testing to get proper feedback from Sailors on its effectiveness and usability.
“I think it is going to have tremendous impact,” said Breuer. “A lot of people would tell you that the Internet and cyber space is really big, but in reality, you can get from any point in cyber space to another in under 600 milliseconds, so if our cyber defense relies on us packing up a hard drive and putting it on a helicopter, then we are not operating at the speed of cyberspace. This will allow ships to gain that advantage and give ships a better understanding of their systems.”