Cyber Hardening Multi-Domain Missions using Network Digital Twins

April 20, 2021 by Leslie Provenzano

Network Digital Twins for Joint All Domain Command and Control (JADC2)

Joint All Domain Command and Control (JADC2) relies on a geographically dispersed, connected network of sensors, platforms, and weapon systems operating in harsh and contested environments to achieve mission success.  In this era of renewed great power competition and sophisticated cyber threats, it is imperative that we assess the cyber resilience and survivability of networks in the context of the missions they support.  Such an assessment is based on:

    • Mission objectives
    • Weapon system attributes and vulnerabilities
    • Network defense capabilities, and
    • Adversary employment of cyber threats during multi-domain mission operations, including tools, tactics, techniques, and procedures

Every cyber vulnerability in a weapon system or underlying network is not necessarily a mission vulnerability because exploitation of the cyber vulnerability by the adversary may or may not impact the ability to successfully complete the mission.  In order to appropriately assess mission cyber resilience, it is necessary to assess the weapon or network cyber resilience in a realistic tactical environment. Thus, to ensure Joint All Domain Command and Control cyber resilience and hence mission success, military commanders need a capability to:

  • Predict the impact of potential cyber attacks on a specific mission,
  • Analyze alternative mitigation strategies in the context of their mission, and
  • Train the warfighters to respond effectively to exigencies in a ‘fog of war’ environment.

Traditional commercial cyber ranges suffer from two primary gaps when it comes to addressing cyber resilience of Joint All Domain Command and Control systems:

  • A limited ability to represent tactical, 5G, satellite, or other wireless networks and the appropriate cyber and Electronic Warfare (EW) attack vectors
  • Difficulty integrating with kinetic warfare domains

Proposed Solution – Mission CLONE (Cyber Live-Virtual-Constructive (LVC) Operational Network Environment)

Over the last few years, SCALABLE has leveraged its innovative network digital twin capability to develop the Mission-CLONE.  Mission CLONE provides advanced training and assessment solutions to assess and improve cyber resilience of Joint All Domain Command and Control missions.

A network digital twin refers to a computer simulation model of the communication network together with its operating environment and the application traffic carried by it.   It can be used to study the behavior of its physical counterpart in a low-cost and zero-risk environment, either in theater or in the laboratory.  To do so effectively, the digital twin must have sufficient fidelity to accurately reflect the network dynamics due to the interplay between the communication protocol, device configurations, network topology, application traffic, the physical environment, and the cyber attack.   For instance, the location, intensity, and duration of a jamming or denial of service attack launched by an adversary will determine their impact on communications that are critical to the mission.  The interference needed to disrupt streaming video may be very different from that needed to disrupt Position Location Information (PLI).  And the digital twin must have sufficient fidelity to capture the network dynamics and thus appropriately discriminate among cyber attacks that are a mere annoyance from those that have the potential to disrupt the mission timeline.

SCALABLE’s Mission CLONE provides the following innovative capabilities:

  • Integration of cyber and kinetic domains, without modifications
  • Includes wireless and tactical waveforms and their specific vulnerabilities
  • Integration with Cyber-Physical Systems and simulations (e.g., submarine control systems)
  • Integrates non-IP communications (e.g. 1553 bus)
  • Attacks can be launched against the network and connected weapon and C2 subsystems
  • Small hardware footprint to support in-theatre use.
  • Ability to include known and zero-day vulnerabilities
  • Assess in parallel:
    • Command and staff to modify operations and complete the mission, and
    • Network defenders to detect and react to threats as they occur

Mission CLONE Components

Mission CLONE consists of the following primary components:

  • The Mission Network Model: Mission CLONE leverages a rich set of network and communication models from EXata and the Joint Network Emulator (JNE). In particular, JNE includes high-fidelity, at-scale models of ground, afloat, air, underwater, and satellite communication networks.  In addition, EXata includes high-fidelity models of GSM, LTE, 5G, WiFi, and other commercial and dual-use wireless technologies to help build out a mission-relevant digital twin.
  • Real-Time Interfaces to connect the digital twin with other relevant live or simulated components: JNE can be linked with live C2 applications (e.g. Joint Command and Control Systems), network managers (e.g., SolarWinds, NA, ..), network monitoring tool (e.g., Wireshark) and combat simulators (e.g. ONESAF, Command PE)
  • A comprehensive library of live or simulated models of relevant cyber attack vectors and defenses that include Electronic Warfare (EW)
  • A Cyber Mission specification capability to support development of distributed and adaptive cyber missions and interface with the underlying kinetic operations. Figure 1 shows a portion of the Ukraine attack vector in the Mission CLONE cyber mission editor. This editor enables the user to graphically create cyber attacks, their timing and logic, and how they will progress depending on actions taken during the mission. The resultant attack script will execute in conjunction with the Mission Network Model, using feedback from device states and user actions.

Illustrative Use Case

Figure 2 presents the use of the MISSION CLONE to assess the cyber resilience of a mission to multiple attack vectors:

Mission CLONE will ingest target tracks, force positions, intelligence, and environmental factors, which can then be refined with spectrum management and cyber threats. The network digital twin will execute faster than real-time and will be subject to real or mission-relevant potential cyberspace operations, depending on OPFOR positions, emission ranges, and EW/cyber capabilities. It will provide visualization and detailed metrics such as connectivity, latency, packet drop, etc., and how these impact the mission. Mission CLONE will be used to compare and evaluate multiple Courses of Action (COAs) with varying routes and search areas in light of evolving METOC, spectrum management, network performance, connectivity, and susceptibility to cyber-attacks, to assist in optimizing network configurations, and help assess cyber threat mitigation strategies in the context of the mission.

To learn more about Network Digital Twins, contact us or follow us on LinkedIn to learn more about SCALABLE.