Suzanne P. Hassell

Cyber defense Network Maneuver Commander

Network Maneuver Commander (NMC) is a research project to develop a prototype cyber command and control (C2) system that maneuvers network-based elements preemptively, and to develop performance metrics to be used for the evaluation of cyber dynamic defense solutions. The Network Maneuver Commander addresses the gap area between active information operations & reactive information assurance defenses, by focusing on the introduction of artificial diversity of hardware platforms, operating systems, IP addresses and hypervisors. NMC also establishes metrics to determine the benefit of these defensive techniques. The goals of the research were to increase the investment an attacker must make to succeed, increase the exposure of an attacker to detection as the attacker is forced to out-maneuver target reconfigurations, increase the uncertainty of the success of the attack, increase the survivability in the presence of attacks, and to define metrics associated with cyber operations for dynamic defense.

Using cyber maneuver to improve network resiliency

The Net Maneuver Commander (NMC) is a research prototype cyber command and control (C2) system which constantly maneuvers network-based elements preemptively to improve network resiliency in a cyber compromised environment. Similar in concept to a frequency hopping radio, Network Maneuver Commander transparently and preemptively provides a moving target defense to evade attack. It utilizes randomization algorithms for maneuver destination selection, providing randomized synthetic diversity of hardware platforms, operating systems and network segments. Network Maneuver Commander also improves resiliency through random and pre-emptive application and platform reconstitution with check-pointing, reloading and resetting, and through the support of deception and containment of malware.

Measurement, identification and calculation of cyber defense metrics

This paper presents performance metrics to be used for evaluation of cyber dynamic defense solutions. Currently, there are no standard, industry-defined metrics or benchmarks for evaluating cyber security architectures and systems for dynamic defense. These systems have relied instead on a layered, “defense in depth” approach, where the only measurement made is the number of defenses. In order to characterize the performance of cyber defense solutions, a variety of metrics need to be defined and captured based on observable effects on both cyber attacks and defenses. By establishing these metrics, the benefit each individual layer provides to an overall defensive solution can be determined, allowing system designers to select the most effective suite of defensive techniques. The metrics presented were formulated using a discrete event simulation of dynamic defense solutions. The focus of this simulation was to assess the increased cost to cyber attackers, where cost is based in time. Metrics are captured from the perspective of the defender, as well as that of the attacker. Collection of data supporting computation of the metrics will be shown in a discrete event simulation environment, as well as recommendations for network locations and equipment that can be used to collect these metrics in a notional network architecture.

Evaluating network cyber resiliency methods using cyber threat, Vulnerability and Defense Modeling and Simulation

This paper describes a Cyber Threat, Vulnerability and Defense Modeling and Simulation tool kit used for evaluation of systems and networks to improve cyber resiliency. This capability is used to help increase the resiliency of networks at various stages of their lifecycle, from initial design and architecture through the operation of deployed systems and networks. Resiliency of computer systems and networks to cyber threats is facilitated by the modeling of agile and resilient defenses versus threats and running multiple simulations evaluated against resiliency metrics. This helps network designers, cyber analysts and Security Operations Center personnel to perform trades using what-if scenarios to select resiliency capabilities and optimally design and configure cyber resiliency capabilities for their systems and networks.