FORT HOOD, Texas (October 9, 2019) -- Soldier cyber defenders are training on a new toolset that will alert them to potential malicious activity traversing elements of the local tactical network.
The Tactical Defensive Cyberspace Operations (DCO) Infrastructure (TDI), which features a desktop dashboard alert, is the Program of Record that addresses local network threats at the tactical edge.
"Monitoring suspicious activity across the local network is far more challenging than monitoring these same activities across the enterprise, which is hard-wired, connected at all times and armed with multiple tools to defend it," said Ari Nguyen, assistant product manager for TDI, Project Manager Mission Command (PMMC), assigned to Program Executive Office for Command, Control and Communications-Tactical (PEO C3T).
Downrange is another story -- local S6 cyber defenders must set up their network conducive to their command post environment. If they require additional network cyber resources, such as computers, they may be face size, weight, and power restrictions, Nguyen said.
"The TDI toolset takes these limitations into consideration," Nguyen said. "It will reside within the command post at Corps through Brigade for both organic cyber network defenders and it can be accessed remotely by Cyber Protection Teams in Fort Gordon, Georgia."
Once the local defender has reached his or her abilities to address the network threat, the Cyber Protection Team, who has access to additional cyber tools pre-staged as part of TDI, can remote into the Command Post and triage the threat, Nguyen said.
PEO C3T provided training on the TDI toolset last week to Soldiers with the 1st Cavalry Division (1st CAV) Headquarters at Fort Hood, Texas, who will be the first unit equipped with the system.
"The training for TDI is more in-depth and practical than the standard cyber network defense course we took as part of our 25D training," said Staff Sgt. Joel De La Rosa, 1st CAV, 2nd Brigade."There are more examples and specific use-cases that can be applied in our everyday mission."
TDI is comprised of two standard commercial cyberspace tools that are preconfigured by engineers to reside on the Tactical Server Infrastructure (TSI) server stack. It provides a simplified, single dashboard that auto-detects multiple virtual cyber threats within the server.
"The TDI alerts the S6, which prompts him or her to run a query to determine the source of the intrusion," Nguyen said. "Once alerted, the cyber defender can take the appropriate steps to determine if an act is malicious, at which point they could mitigate or deny that intrusion by shutting down the system, port, or IP address."
It could also simply be a legitimate action performed by another S6, such as an administrative login, program installation or patch push, Nguyen said.
TDI works in tandem with the current firewalls, which defend against outside intrusions.
"The firewalls do a good job blocking outside intruders, but with TDI, Soldiers can immediately address internal activity on the network," Nguyen said.
1st CAV Soldiers also trained on the Command Post Computing Environment (CPCE), the framework that comprises all warfighting function software and provides a common operating picture. Both the CPCE and TDI will share space on the Tactical Server Infrastructure (TSI) server stack, and in the future, TDI will be the bridge to bring the tactical network situational understanding (SU) cyber information into CPCE.
"The Cyber SU capability will use the information from TDI to update the dashboard with mission impact analytics," said John Keenan, chief engineer for PMMC Cyber. "It will provide the 'so what' in terms of mission impact of cyber to the commander."
The TDI will undergo an operational assessment with the 1st CAV this spring at Exercise Defender 2020 in Germany, where it will face malicious network traffic from a red team attack.
"Right now, the most important service we are providing is ease of use for the local defender to be able to assess the massive amounts of data coming in," Keenan said.
The U.S. Army Program Executive Office Command, Control and Communications-Tactical develops, acquires, fields and supports the Army's mission command network to ensure force readiness. This critical Army modernization priority delivers tactical communications so commanders and Soldiers can stay connected and informed at all times, even in the most austere and hostile environments. PEO C3T is delivering the network to regions around the globe, enabling high-speed, high-capacity voice, data and video communications to a user base that includes the Army's joint, coalition and other mission partners.