Rapid Response Command and Control (R2C2): a systems engineering analysis of scaleable communications for Regional Combatant Commanders

Includes supplementary materialDisaster relief operations, such as the 2005 Tsunami and Hurricane Katrina, and wartime operations, such as Operation Enduring Freedom and Operation Iraqi Freedom, have identified the need for a standardized command and control system interoperable among Joint, Coalition, and Interagency entities. The Systems Engineering Analysis Cohort 9 (SEA-9) Rapid Response Command and Control (R2C2) integrated project team completed a systems engineering (SE) process to address the military’s command and control capability gap. During the process, the R2C2 team conducted mission analysis, generated requirements, developed and modeled architectures, and analyzed and compared current operational systems versus the team’s R2C2 system. The R2C2 system provided a reachback capability to the Regional Combatant Commander’s (RCC) headquarters, a local communications network for situational assessments, and Internet access for civilian counterparts participating in Humanitarian Assistance/Disaster Relief operations. Because the team designed the R2C2 system to be modular, analysis concluded that the R2C2 system was the preferred method to provide the RCC with the required flexibility and scalability to deliver a rapidly deployable command and control capability to perform the range of military operations

Codifying Information Assurance Controls for Department of Defense (DoD) Supervisory Control and Data Acquisition (SCADA) Systems (U)

Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing eight Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into the DoD IA control framework. Spearman’s Rho ranking results (ρ = .972414) indicate a high preference for encryption, and system and information integrity as key IA Controls to mitigate cyber risk. Equally interesting was the strong agreement among raters on ranking certification and accreditation dead last as an effective IA control. The respondents strongly favored including four new IA controls of the eight considered

Empowering Marine Corps System Administrators: Taxonomy of Training

Organizations cannot protect the integrity, confidentiality, and availability of information in today\u27s highly networked systems environment without ensuring that System Administrators are properly trained and meet a minimum standard that is enforced enterprise-wide. Only with this ubiquitous benchmark training, will the System Administrators roles and responsibilities become synchronous to achieving Defense in Depth in the IT realm. The goal of this research is to analyze Marine Corps training methods to identify viable solutions that will produce consistent skill sets and meet requirements set forth in mandates from DoD

Security and trust in cloud computing and IoT through applying obfuscation, diversification, and trusted computing technologies

Cloud computing and Internet of Things (IoT) are very widely spread and commonly used technologies nowadays. The advanced services offered by cloud computing have made it a highly demanded technology. Enterprises and businesses are more and more relying on the cloud to deliver services to their customers. The prevalent use of cloud means that more data is stored outside the organization’s premises, which raises concerns about the security and privacy of the stored and processed data. This highlights the significance of effective security practices to secure the cloud infrastructure. The number of IoT devices is growing rapidly and the technology is being employed in a wide range of sectors including smart healthcare, industry automation, and smart environments. These devices collect and exchange a great deal of information, some of which may contain critical and personal data of the users of the device. Hence, it is highly significant to protect the collected and shared data over the network; notwithstanding, the studies signify that attacks on these devices are increasing, while a high percentage of IoT devices lack proper security measures to protect the devices, the data, and the privacy of the users. In this dissertation, we study the security of cloud computing and IoT and propose software-based security approaches supported by the hardware-based technologies to provide robust measures for enhancing the security of these environments. To achieve this goal, we use obfuscation and diversification as the potential software security techniques. Code obfuscation protects the software from malicious reverse engineering and diversification mitigates the risk of large-scale exploits. We study trusted computing and Trusted Execution Environments (TEE) as the hardware-based security solutions. Trusted Platform Module (TPM) provides security and trust through a hardware root of trust, and assures the integrity of a platform. We also study Intel SGX which is a TEE solution that guarantees the integrity and confidentiality of the code and data loaded onto its protected container, enclave. More precisely, through obfuscation and diversification of the operating systems and APIs of the IoT devices, we secure them at the application level, and by obfuscation and diversification of the communication protocols, we protect the communication of data between them at the network level. For securing the cloud computing, we employ obfuscation and diversification techniques for securing the cloud computing software at the client-side. For an enhanced level of security, we employ hardware-based security solutions, TPM and SGX. These solutions, in addition to security, ensure layered trust in various layers from hardware to the application. As the result of this PhD research, this dissertation addresses a number of security risks targeting IoT and cloud computing through the delivered publications and presents a brief outlook on the future research directions.Pilvilaskenta ja esineiden internet ovat nykyään hyvin tavallisia ja laajasti sovellettuja tekniikkoja. Pilvilaskennan pitkälle kehittyneet palvelut ovat tehneet siitä hyvin kysytyn teknologian. Yritykset enenevässä määrin nojaavat pilviteknologiaan toteuttaessaan palveluita asiakkailleen. Vallitsevassa pilviteknologian soveltamistilanteessa yritykset ulkoistavat tietojensa käsittelyä yrityksen ulkopuolelle, minkä voidaan nähdä nostavan esiin huolia taltioitavan ja käsiteltävän tiedon turvallisuudesta ja yksityisyydestä. Tämä korostaa tehokkaiden turvallisuusratkaisujen merkitystä osana pilvi-infrastruktuurin turvaamista. Esineiden internet -laitteiden lukumäärä on nopeasti kasvanut. Teknologiana sitä sovelletaan laajasti monilla sektoreilla, kuten älykkäässä terveydenhuollossa, teollisuusautomaatiossa ja älytiloissa. Sellaiset laitteet keräävät ja välittävät suuria määriä informaatiota, joka voi sisältää laitteiden käyttäjien kannalta kriittistä ja yksityistä tietoa. Tästä syystä johtuen on erittäin merkityksellistä suojata verkon yli kerättävää ja jaettavaa tietoa. Monet tutkimukset osoittavat esineiden internet -laitteisiin kohdistuvien tietoturvahyökkäysten määrän olevan nousussa, ja samaan aikaan suuri osuus näistä laitteista ei omaa kunnollisia teknisiä ominaisuuksia itse laitteiden tai niiden käyttäjien yksityisen tiedon suojaamiseksi. Tässä väitöskirjassa tutkitaan pilvilaskennan sekä esineiden internetin tietoturvaa ja esitetään ohjelmistopohjaisia tietoturvalähestymistapoja turvautumalla osittain laitteistopohjaisiin teknologioihin. Esitetyt lähestymistavat tarjoavat vankkoja keinoja tietoturvallisuuden kohentamiseksi näissä konteksteissa. Tämän saavuttamiseksi työssä sovelletaan obfuskaatiota ja diversifiointia potentiaalisiana ohjelmistopohjaisina tietoturvatekniikkoina. Suoritettavan koodin obfuskointi suojaa pahantahtoiselta ohjelmiston takaisinmallinnukselta ja diversifiointi torjuu tietoturva-aukkojen laaja-alaisen hyödyntämisen riskiä. Väitöskirjatyössä tutkitaan luotettua laskentaa ja luotettavan laskennan suoritusalustoja laitteistopohjaisina tietoturvaratkaisuina. TPM (Trusted Platform Module) tarjoaa turvallisuutta ja luottamuksellisuutta rakentuen laitteistopohjaiseen luottamukseen. Pyrkimyksenä on taata suoritusalustan eheys. Työssä tutkitaan myös Intel SGX:ää yhtenä luotettavan suorituksen suoritusalustana, joka takaa suoritettavan koodin ja datan eheyden sekä luottamuksellisuuden pohjautuen suojatun säiliön, saarekkeen, tekniseen toteutukseen. Tarkemmin ilmaistuna työssä turvataan käyttöjärjestelmä- ja sovellusrajapintatasojen obfuskaation ja diversifioinnin kautta esineiden internet -laitteiden ohjelmistokerrosta. Soveltamalla samoja tekniikoita protokollakerrokseen, työssä suojataan laitteiden välistä tiedonvaihtoa verkkotasolla. Pilvilaskennan turvaamiseksi työssä sovelletaan obfuskaatio ja diversifiointitekniikoita asiakaspuolen ohjelmistoratkaisuihin. Vankemman tietoturvallisuuden saavuttamiseksi työssä hyödynnetään laitteistopohjaisia TPM- ja SGX-ratkaisuja. Tietoturvallisuuden lisäksi nämä ratkaisut tarjoavat monikerroksisen luottamuksen rakentuen laitteistotasolta ohjelmistokerrokseen asti. Tämän väitöskirjatutkimustyön tuloksena, osajulkaisuiden kautta, vastataan moniin esineiden internet -laitteisiin ja pilvilaskentaan kohdistuviin tietoturvauhkiin. Työssä esitetään myös näkemyksiä jatkotutkimusaiheista

Theater Ballistic Missile Defense From the Sea

A sense of urgency informs Theater Ballistic Missile Defense from the Sea: Issues for the Maritime Component Commander. Theater ballistic missiles armed with chemical, biological, or nuclear Weapons of Mass Destruction (WMD) will be acquired and deployed by hostile forces in the developing world, posing an imminent threat to the us. and coalition forces that must operate in that world. The gravity of this evolving threat is recognized in our national military strategy.https://digital-commons.usnwc.edu/usnwc-newport-papers/1012/thumbnail.jp

DECISION MODEL IMPLEMENTATION IN THE GLOBAL INFORMATION NETWORK ARCHITECTURE

The future battlefield is one that will be heavily influenced by rapidly changing technological capabilities of near-peer adversaries. Success in this environment will require simple to use systems that are adaptable to situations and capable of integration with other forces and systems. The Multi-Domain Operations Command, Control, Computers, Communications, Combat Systems, and Intelligence (MDOC5i) aims to prepare the Marine Corps for the future battlefield. Due to certain drawback of traditional machine learning techniques, MDOC5i uses vector relational data modeling (VRDM) to provide the Marine Corps with systems suitable for dynamic employment. MDOC5i uses the Global Information Network Architecture (GINA) as its VRDM platform. This research uses GINA to create a ubiquitous decision model that can be configured to USMC scenarios. The research implements the ubiquitous model and proves functionality through a network analysis use case. This decision model will serve as the base model for all GINA implementations. The ability to quickly construct and adapt GINA models based on scenarios and integrate those models into a common framework will provide the Marine Corps with information overmatch against future adversaries.Captain, United States Marine CorpsApproved for public release. Distribution is unlimited

Proceedings of the 2004 ONR Decision-Support Workshop Series: Interoperability

In August of 1998 the Collaborative Agent Design Research Center (CADRC) of the California Polytechnic State University in San Luis Obispo (Cal Poly), approached Dr. Phillip Abraham of the Office of Naval Research (ONR) with the proposal for an annual workshop focusing on emerging concepts in decision-support systems for military applications. The proposal was considered timely by the ONR Logistics Program Office for at least two reasons. First, rapid advances in information systems technology over the past decade had produced distributed collaborative computer-assistance capabilities with profound potential for providing meaningful support to military decision makers. Indeed, some systems based on these new capabilities such as the Integrated Marine Multi-Agent Command and Control System (IMMACCS) and the Integrated Computerized Deployment System (ICODES) had already reached the field-testing and final product stages, respectively. Second, over the past two decades the US Navy and Marine Corps had been increasingly challenged by missions demanding the rapid deployment of forces into hostile or devastate dterritories with minimum or non-existent indigenous support capabilities. Under these conditions Marine Corps forces had to rely mostly, if not entirely, on sea-based support and sustainment operations. Particularly today, operational strategies such as Operational Maneuver From The Sea (OMFTS) and Sea To Objective Maneuver (STOM) are very much in need of intelligent, near real-time and adaptive decision-support tools to assist military commanders and their staff under conditions of rapid change and overwhelming data loads. In the light of these developments the Logistics Program Office of ONR considered it timely to provide an annual forum for the interchange of ideas, needs and concepts that would address the decision-support requirements and opportunities in combined Navy and Marine Corps sea-based warfare and humanitarian relief operations. The first ONR Workshop was held April 20-22, 1999 at the Embassy Suites Hotel in San Luis Obispo, California. It focused on advances in technology with particular emphasis on an emerging family of powerful computer-based tools, and concluded that the most able members of this family of tools appear to be computer-based agents that are capable of communicating within a virtual environment of the real world. From 2001 onward the venue of the Workshop moved from the West Coast to Washington, and in 2003 the sponsorship was taken over by ONR’s Littoral Combat/Power Projection (FNC) Program Office (Program Manager: Mr. Barry Blumenthal). Themes and keynote speakers of past Workshops have included: 1999: ‘Collaborative Decision Making Tools’ Vadm Jerry Tuttle (USN Ret.); LtGen Paul Van Riper (USMC Ret.);Radm Leland Kollmorgen (USN Ret.); and, Dr. Gary Klein (KleinAssociates) 2000: ‘The Human-Computer Partnership in Decision-Support’ Dr. Ronald DeMarco (Associate Technical Director, ONR); Radm CharlesMunns; Col Robert Schmidle; and, Col Ray Cole (USMC Ret.) 2001: ‘Continuing the Revolution in Military Affairs’ Mr. Andrew Marshall (Director, Office of Net Assessment, OSD); and,Radm Jay M. Cohen (Chief of Naval Research, ONR) 2002: ‘Transformation ... ’ Vadm Jerry Tuttle (USN Ret.); and, Steve Cooper (CIO, Office ofHomeland Security) 2003: ‘Developing the New Infostructure’ Richard P. Lee (Assistant Deputy Under Secretary, OSD); and, MichaelO’Neil (Boeing) 2004: ‘Interoperability’ MajGen Bradley M. Lott (USMC), Deputy Commanding General, Marine Corps Combat Development Command; Donald Diggs, Director, C2 Policy, OASD (NII

Dumb Cities: Spatial Media, Urban Communication, and the Right to the Smart City

A majority of the global population is now concentrated in cities, and the "smart city" model has emerged as the predominant paradigm for contemporary urban development. Employing networked infrastructures and big data for urban governance, the smart city promises innovative solutions for longstanding urban problems—using computer technologies to automate or monitor everything from traffic patterns to voting practices—while also posing new questions and dilemmas for city dwellers. The smart city model reworks traditional notions of urban rights, such as access to housing and public space, by implementing communication technologies that offer new possibilities for connection even as they create conditions for division and unequal access. How do the communication infrastructures deployed in smart city programs alter the communicative functions of urban spaces, and how might critical urban theory be updated in order to account for these emerging technologies? Focusing primarily on Pittsburgh, Pennsylvania, this project addresses these questions by investigating policies, practices, and infrastructures mediating civic engagement and urban communication in technologically-driven urban development. I survey several salient examples of smart city approaches including the use of “big data” approaches for urban governance, networked transportation infrastructures, and media interfaces for visualizing and interacting with space. This work focuses especially on how notions of citizenship and civic engagement are constructed in "smart" urban imaginaries, as well as the role of emergent technologies in mediating experiences of space and place. I advance the rhetorical skill and cunning intelligence of mêtis as a conceptual lens for assessing and cultivating an engaged urban citizenship. I argue that rhetorics of “smart” urbanism discursively delegate ideals of civic engagement to technical infrastructures and processes, thereby occluding both longstanding and emergent disparities in urban communities

A Business Case Analysis (BCA) of the One Box - One wire (OB1) Joint Combined Technology Demonstration (JCTD)

The One Box One Wire (OB1) Joint Combined Technology Demonstration (JCTD) is a United States Central Command (USCENTCOM) initiative that has been approved by congress for a FY 2009 rolling start. The primary goal of the JCTD Program is to demonstrate, operationally assess, and transition capability solutions and innovative concepts to address the joint, coalition and interagency operational gaps and shortfalls in meeting the needs of the warfighter. Since inception in 1995, the Advanced Concept Technology Demonstration (ACTD) Program, and now the Joint Capability Technology Demonstration (JCTD) Program, has deployed critically needed warfighting solutions to every major Combatant Command theater. The OB1 JCTD is an initiative designed to transform the existing Department of Defense (DoD) air-gapped networks (NIPR, SIPR, etc.) to an environment that allows the user to access all networks from a single PC terminal while still preserving the separation and security of data flows. This thesis will be a business case analysis of the cost of implementing and sustaining the OB1 JCTD as compared to the current DoD multi-network infrastructure. This thesis will address the question of whether converting the existing military network infrastructure into OB1 is financially feasible. This thesis will concentrate specifically on OB JCTD initiative.http://archive.org/details/abusinesscaseana109454900US Navy (USN) author.Approved for public release; distribution is unlimited