NATIONAL CYBER RANGE

1
NATIONAL CYBER RANGE

• s

Cyber test environment supporting the
Comprehensive National Cybersecurity Initiative
(CNCI)
Barbara McQuiston Office Director Michael
VanPutte, Ph.D.Program Manager
UNCLASSIFIED Distribution Statement A (Approved
for Public Release, Distribution Unlimited)
2
What is the Comprehensive National Cybersecurity
Initiative (CNCI)

• On January 8, 2008, President Bush issued
  National Security Presidential Directive
  54/Homeland Security Presidential Directive 23
• Formalized the Comprehensive National
  Cybersecurity Initiative
• Instituted a series of continuous efforts to
  further safeguard our federal government systems
  from cyber threats and attacks
• The CNCI is focused on three key areas
• Establish a frontline defense (reducing current
  vulnerabilities and preventing intrusions)
• Defend against the full spectrum of threats by
  using intelligence and strengthening supply chain
  security and
• Shape the future environment by enhancing our
  research, development, and education as well as
  investing in leap-ahead technologies.

3
What is the cyber threat?

• There has been increased malicious cyber activity
  directed at the U.S. Government over the past few
  years
• This activity is growing more sophisticated, more
  targeted, and more prevalent
• Cyber threats don't come in one variety
• A single individual acting as a hacker
• An organized criminal group stealing personal or
  financial information to exploit for ill-gotten
  gain
• A hacker trying to breach a system simply in
  order to show that he or she can do it
• Nation states engaged in cyber espionage against
  governments and businesses
• Terrorist group seeking to cause very real damage
  to our systems and to our country
• Malicious attacks are often used to
• Steal information
• Disrupt, deny access to, degrade or destroy
  critical federal information systems
• These attacks have the potential to prevent the
  efficient operations of vital systems
• Because of the interdependence of our society
  economy on information systems, a cyber attack
  would have cascading effects across the country
  and across the world

4
Why cant we defend against these threats today?

• Many of the commercial systems we rely on today
  were designed for use in home and small
  businesses, and were not designed from the
  bottom-up to operate in hostile environments.
• With increased Internet connectivity, there is
  more access from more places, which offer an ever
  increasing number of malicious actors access to
  the Nations interconnected information systems
  on which we rely at home and at work.
• Cyber adversaries can adapt rapidly to an
  ever-changing environment, and are able to attack
  at the time and place of their choosing.
• The information on which we rely is more and more
  complex, interconnected, and interdependent, and
  increasing technological complexity increases the
  difficulty in securing that same technology.

5
National Cyber Range
Adaptable, multi-dimensional, heterogeneous cyber
test environment The Nations environment for
cyber research
The National Cyber Range is the measurement
capability providing a realistic quantifiable
assessment of the Nations cyber research and
development technologies, enabling a revolution
in national cyber capabilities and accelerate
transition of these technologies
Leap-ahead research and quantifiable assessment
of cyber tools, processes, and architectures
facilitates
The National Cyber Range will allow classified
and unclassified researchers to measure their
progress in either a classified or
unclassified environment, against
appropriate threats with sufficient timeliness
and accuracy, to allow corrections and
needed new capabilities to be determined.
Revolution in national cyber capabilities
Rapid technology development Accelerated
deployment
6
What is the National Cyber Range?
A dedicated cyber testbed to enhance the
Nations ability to defend against cyber attacks

• The National Cyber Range will
• Provide a dedicated test bed to produce
  qualitative and quantitative assessments of the
  security of cyber technologies and scenarios.
• Provide a revolutionary, safe, instrumented
  environment for our national cyber security
  research organizations to test the security of
  information systems. 
• Revolutionize the state of the art of cyber
  security testing.

• A cyber test center to
• Enable leap-ahead advances to defend and exploit
  the cyber realm
• Enable revolutionary cyber testing

Facilitates consistent, realistic, verifiable
testing
UNCLASSIFIED Distribution Statement A (Approved
for Public Release, Distribution Unlimited)
7
National Cyber Range
8
NCR Infrastructure
Performer-Provided, Holistic Testing Environment

• Range Infrastructure
• Facilities
• Power, HVAC
• Physical and Logical Security
• Personnel and Administration
• Facility and Systems Administration
• Test Scheduling and Management
• On-Site Test Technical Support
• CONOPs Development and Execution
• Certification and Accreditation
• Range Resources
• Large Pool of Heterogeneous Systems
• Ability to Easily Integrate New Systems
• Ability to Connect to Existing Cyber
  Ranges/Resources
• OPFOR as a Service
• Provide Realistic Cyber Adversaries

Providing the environment to solve the Nations
Cyber problems Unconstrained cyber research
environment supporting the CNCI UNCLASSIFIED
Distribution Statement A (Approved for Public
Release, Distribution Unlimited)
9
NCR Technical Advancements
Revolutionizing State-of-the-Art of Cyber Testing

• Automated Range Resource and Test Management
• Revolutionize test technologies, science, and
  repeatability
• Rapidly design, configure, analyze, and release
  tests
• Advanced Virtual Machines and Networks
• Facilitate large scale, heterogeneous
  environments
• Multi-Spectrum Integration
• Wireless and MANET (radio/satellite/maritime/tacti
  cal)
• Critical Infrastructures - SCADA/Control Systems
• Accelerate and/or Decelerate Test Time
• Revolutionary testing technologies
• Responsive Traffic Generators and Program
  Activators
• Emulate human activity across a variety of
  network components
• technology needed to emulate social engineering
  (manipulation) and dynamic nature of cyber realm
• Simulate mobile computing (cyber cafes, PDAs,
  cell phones)

Providing the environment to solve the
Nations Cyber problems Unconstrained cyber
research environment supporting the
CNCI UNCLASSIFIED Distribution Statement A
(Approved for Public Release, Distribution
Unlimited)
10
Program Timeline
ICD
Go/No-Go PDR
6 Mo
Go/No-Go CDR Demonstration
2 Mo
Go/No-Go
IOC - 1 Dec 09
FOC Determination

• Deliverables
• Detailed Engr Plan
• System Demo Plan
• CONOPS
• Phase II Proposal
• Revised OCI Plan

• Deliverables
• Phase III Proposal
• Phase IV Proposal
• Phase III SDP
• Develop Prototype
• Prototype Demonstration

• Deliverables
• Build NCR
• NCR Testing

Operations Phase
ICD - Initial Conceptual Design PDR - Preliminary
Design Review CDR - Critical Design Review FOC-
Full Operational Capability
11
NCR Program Progress

• Interim Progress Reviews (IPRs)
• IPR1 March 9 13, 2009 March 23 27, 2009
• IPR2 May 18 22, 2009 May 26 29, 2009
• Seedlings/Studies
• Quantifying Computer Security December 2008
• NCR Transition May 2009
• Government Working Groups
• Security Accreditation Working Group April 7,
  2009
• Joint Working Group April 8, 2009
• Documents Published
• NCR Intellectual Property Guidance February 27,
  2009
• Updated Security Classification Guidance (SCG)
  April 3, 2009
• Contracting Officer Guidance April 22, 2009
• Phase 1 Performer Deliverables July 13, 2009

12
NCR Team
As of Feb 09
13
Technical Correspondence

• DARPA Program Manager -- Dr. Michael VanPutte
• michael.vanputte_at_darpa.mil
• DARPA/STO
• ATTN STO Dr Michael VanPutte/BAA08-43
• 3701 North Fairfax Drive
• Arlington, VA 22203-1714
• Phone (unclassified and classified) (703)
  526-4721
• Unclassified fax (703) 248-1800
• Program Website http//www.darpa.mil/sto/ia/ncr.
  html