1

DoD Executive Agent for Cyber Test Ranges

2019 Cyber Security Workshop:

March 28, 2019

Mr. Chip Ferguson, Deputy EA for Cyber Test

Ranges

2

Agenda

• Authorities

• Vision

• Needs Development

• Investments

3

10 U.S.C. Section 392 / DoDD 5101.19E require the Cyber Range EAs to:

1) Develop the Biennial Integrated Plan which includes:a. Maintaining comprehensive list of cyber test & training capabilities (DoD and non-DoD)

b. Organizing and managing designated test capabilities• Establish priorities

• Develop and Enforce standards

• Guidance to integrate designated capabilities

• Finding cost reductions

• Add or consolidate cyber test capabilities

• Enhance quality and expertise of workforce

• Coordinate with interagency and industry partners

c. Define architectures to:• Meet evolving needs

• Coordinate with interagency and industry partners

• Allows integrated, closed loop testing of cyber and EW capabilities

• Supports S&T, R&D, DT&E, OT&E, etc.

• Connectivity with other existing cyber ranges and other

kinetic range facilities

2) Certify all cyber range investments of the DoD

3) Generate requirements and standards for cyber security test infrastructure.

Cyber Ranges EA Authorities

First Biennial Integrated

Plan completed in 2017

4

EA Update –Cyber Test Range EA Organization

Chief Financial Officer

Chief Operating Officer

Deputy EA for Cyber Test

Ranges

Air Force Range

Oversight

Army Range

Oversight

Defense Wide

Test

Infrastructure

Navy Range

Oversight

Budget

Certification

Deputy Director, T&E Range Oversight

Deputy PM,

CTEIP //

PM, REP

PM, CTEIP

Deputy PM,

T&E/S&T

Director,

TENA SDA

Deputy PM,

JMETC

Director,

NCR Complex

Deputy

Director,

NCR Complex

Deputy Director, Major Initiatives and Technical Analyses

PM, T&E/S&T // PM, JMETC

PM, NCR Complex Expansion

Principal Deputy, TRMC

Ms. Denise De La Cruz (Acting)

Under Secretary of Defense for Research and Engineering

The Honorable Michael D. Griffin

Mr. James Faist

Dir, TRMC

5

The CT&EI is composed of existing non-kinetic Cyber test capabilities integrated with representations of kinetic and C2

systems (e.g., hardware-in-the-loop (HWIL) facilities, system integration labs (SILs), and software-in-the-loop (SWIL)

facilities) via network connectivity, enabling testing those systems in a realistic combat, including cyber and interoperability,

environment. We have to integrate these existing facilities in a cyber environment with low risk of damage.

Cyber T&E Infrastructure (CT&EI) OV-1b

Army

Marine

CorpsAir Force

Army

Cyber

Test

Complex

Navy

Cyber

Test

Complex

Air Force

Cyber Test

Complex

NCRC /

JMN

NavyHWILs

ISTFs

SILs

Test Ranges

Test Ranges

HWILs

ISTFs

SILs

MCCR

(via JIOR/CSR)

HWILs

ISTFs

SILs

Test Ranges

Aligned Capabilities

(as necessary and

coordinated with the

Component)

Work with

Cyber

Training

Range EA to

Achieve

Common

Architecture

and Standards

Other

Designated

Cyber Ranges

C4AD

CSR

JIOR

External Partners:Industry, Non-DoD

Academia, etc.

TRMC Cyber Complex

6

Cyber Test Range Needs Development

FOR OFFICIAL USE ONLY

• Background

– One-time opportunity to jump-start cyber range needs generation process by identifying

initial set of cyber range gaps and priorities. Accomplished through a RAND Study and

validation by the Services and Agencies on the Cyber Test Range Requirements

Working Group (CTRRWG).

• Issues

– Allocation of needs

Initiated RAND Needs Study

RAND completed

Needs Study

CTRRWG & RAND tasked to

independently prioritize

developed needs

Cyber Test Range EA staff combined both list into single

score card

EA for Cyber Test Ranges developing

plan to address needs

7

Cyber Range Needs Study Results

• Number 1 need – People

• Prioritized by the Cyber Test Range Requirements Working

Group and RAND

– High priority list has 31, e.g.,

• Model the effects of cyber attacks to enable the evaluation of risks to mission

• Standards for accrediting and using vulnerability assessment teams not certified

by NSA

• Central database of plans and schedules for events on all cyber ranges

• Capability to generate realistic traffic on networks, both IP and non-IP

• Cyber testing of full-up systems using replicating malware

• System integration/test capability comprised by combination of system

components -- HWIL and virtualized

• Test protocols/TEMPS include early testing to establish mission impacts

• Instrumentation that demonstrates physical damage without actually having to

test-to-failure

9

TRMC Cyber Investment/Demonstration/Transition

Alignment

PTRMC Advanced TechnologyDevelopment (6.3) Cyber Roadmap

PTRMC Central T&E InvestmentProgram (6.4) CTEIP [Cyber]

Technology Transition Plan

Integrated Cyber Range Prioritized Needs

Technology Transition Plan

DoD Cyber Range Infrastructure

10

Cyberspace Test Technology (CTT)6.3 Advanced Technology Domains

• Develop advanced technologies and methodologies to test and

evaluate DoD capabilities and information networks to defend

and conduct full-spectrum military operations across cyberspace

• Three Domains of CTT

11

TRMC Cyberspace Test Technology6.3 Advanced Technology Domains

Cyber Threat Automation & Monitoring (CTAM)

Aircraft Avionics

Attestation

Technologies (A3T)

Automated Cyber Test Tool (ACTT)-VOLTRON

Testing the Behavior of Malware

TMAL

12

Cyber Threat Automation & Monitoring (CTAM)

• Description: Developing

technologies to detect,

monitor, and analyze malware

behavior during cyber attacks

in a virtualized T&E

environment

• Enables

– Fine-grain introspection/data

collection/monitoring

– Deep Machine Learning and

Advanced Cyber Analytics

– Analysis and threat assessment to

understand impacts to systems

under test

13

Aircraft Avionics Attestation Technologies (A3T)

• Description: A capability to

systematically verify

(attest) that all persistent

storage in an aircraft’s

avionics subsystems have

not been altered

• Enables:

– Guarantees that a weapon

system has not been modified

from gold standard by malicious

action or legitimate cyber T&E

activities

14

Automated Cyber Test Tool (ACTT)-VOLTRON

• Description: Developing tools to

discover and remediate weapon

system cyber vulnerabilities

• Enables:

– Evaluation of systems under test using

automated means to find and fix vulnerabilities

otherwise unknown to OEMs and the DoD

15

Testing the Behavior of Malware (TMAL)

Replicate the functionality of malware that

will work in the distributed environments of

the NCR and MRTFB environments. The

malware with beaconing and a dummy

payload will provide the means to track the

exploits behavior safely in a distributed

testing environment.

16

Central Test and Evaluation Investment Program (CTEIP) 6.4

Cyber Tools for Aviation Systems Testing

(CTAST)

Cyber Test Analysis and Simulation

Environment (Cyber TASE)

17

CTIEP: Cyber Test Analysis and Simulation Environment

(Cyber TASE)

• Description: Provides data collection, aggregation, and visualization to enable an analyst to monitor and analyze the cause, effect, and impact of cyber activity on a system under test (SUT)

18

CTEIP: Cyber Tools for Aviation Systems Testing (CTAST)

• Description: Integrated

hardware/software suite

that enables a test

capability to assess

cyber impacts (red and

blue) on the ability of

embedded aviation

systems to perform their

mission in a cyber

contested environment

19

Points of Contact

Deputy Cyber T&E Range EA: Chip Fergusonbernard.b.ferguson.civ@mail.mil

571-372-2697

Dr. Mike Lilienthal

michael.g.lilienthal.ctr@mail.mil571-238-4532

Jeff McNeil

jeffrey.j.mcneil.ctr@mail.mil

571-372-2707

Westley Moore

westley.r.moore.ctr@mail.mil571-372-2787

Lenny Moskal

leonard.s.Moskal.ctr@mail.mil757-550-1584