Cyberwar is here. Being able to detect and monitor a cyber attack is necessary to protect our national interests. Being able to respond to a cyber attack has additional merit. During this SBIR effort, OR Concepts Applied (ORCA) embarked upon a research and development effort called Argos (a name, not an acronym) to create innovative software that supports command and control (C2) of cyber assets for both defensive and offensive applications. Our focus has been on tools that provide commanders and operators with cyber situation awareness (SA). A critical part of our work has been devising visualization tools to support cyberspace command and control (CC2) applications.
ORCA has taken an in-depth look at cyber attacks, from footprinting, to system compromise, to back-door installation and clean-up. We set up a security lab with several honeypots to capture threat activity and learn more about the malware used by script kiddies and aspiring black-hat hackers. We studied botnets and their relevance to modern cyber warfare.
We examined a tool used by a network operations center (NOC) and rebuilt it using modern human-factors considerations. The new interactive intrusion chart prototype can analyze server log data with interactive filtering, drill-down into day and time, frequency and severity display modes, and drill-down into specific attackers. Visualization focused on presenting the severity (green to red) and frequency (white to black) of attacks. The prototype was demonstrated during the Phase I final briefing.
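The aggregation behind such an intrusion chart (bucket server log events by weekday and hour, track frequency and severity per bucket, filter by attacker or severity) can be shown in a few dozen lines. The following is an added example written for this page, not ORCA's prototype code; the log line format, the sample events and the severity scale of 1 to 5 are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data). The format is an assumption:
# "<ISO timestamp> <source ip> <event type> <severity 1-5>"
SAMPLE_LOG = """\
2024-03-04T02:13:07 203.0.113.5 ssh_bruteforce 3
2024-03-04T02:14:11 203.0.113.5 ssh_bruteforce 3
2024-03-04T02:15:40 203.0.113.5 ssh_bruteforce 3
2024-03-04T09:01:00 198.51.100.7 port_scan 1
2024-03-05T02:30:22 203.0.113.5 web_exploit_attempt 5
2024-03-06T14:05:09 192.0.2.44 port_scan 1
2024-03-06T14:06:09 192.0.2.44 port_scan 1
"""

# Severity 1..5 mapped onto the green-to-red scale the chart uses (assumed labels).
SEVERITY_COLOR = {1: "green", 2: "yellow-green", 3: "yellow", 4: "orange", 5: "red"}


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        ts, src, kind, sev = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "kind": kind, "sev": int(sev)})
    return events


def filter_events(events, src=None, kind=None, min_sev=1):
    """Interactive-filter step: narrow by attacker, event type or minimum severity."""
    return [e for e in events
            if (src is None or e["src"] == src)
            and (kind is None or e["kind"] == kind)
            and e["sev"] >= min_sev]


def day_hour_grid(events):
    """Drill-down into day and time: bucket events by (weekday, hour).

    Each bucket records frequency (count) and the worst severity seen (max_sev).
    weekday() is 0 for Monday through 6 for Sunday.
    """
    grid = defaultdict(lambda: {"count": 0, "max_sev": 0})
    for e in events:
        cell = grid[(e["ts"].weekday(), e["ts"].hour)]
        cell["count"] += 1
        cell["max_sev"] = max(cell["max_sev"], e["sev"])
    return dict(grid)


def frequency_shade(count, max_count):
    """White-to-black frequency scale: 0.0 = no events, 1.0 = busiest bucket."""
    return round(count / max_count, 2) if max_count else 0.0


def top_attackers(events, n=3):
    """Drill-down into specific attackers: sources ranked by event count."""
    counts = defaultdict(int)
    for e in events:
        counts[e["src"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def render_grid(grid):
    """Text rendering of the chart: one line per non-empty bucket with both scales."""
    max_count = max((c["count"] for c in grid.values()), default=0)
    lines = []
    for (wd, hr), cell in sorted(grid.items()):
        lines.append(f"day={wd} hour={hr:02d} count={cell['count']} "
                     f"shade={frequency_shade(cell['count'], max_count)} "
                     f"severity={SEVERITY_COLOR[cell['max_sev']]}")
    return "\n".join(lines)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(render_grid(day_hour_grid(evts)))
    print("top attackers:", top_attackers(evts))
    print("severity >= 5:", filter_events(evts, min_sev=5))
```

Each bucket keeps the worst severity rather than the mean so that a single high-severity event in a quiet hour is not washed out by the many low-severity scans around it; the frequency shade is normalized against the busiest bucket so the chart stays readable whatever the overall volume.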
Our research has laid the foundation for the development of a CC2 system. We described defensive tools to detect, monitor, and react to attacks against friendly nodes. We detailed how effects monitoring could be built to analyze the effects of actions taken by the CC2 system. We outlined information-gathering tools to populate the cyber landscape and provide much-needed intelligence. We discussed offensive toolkits to take advantage of the latest in script kiddy tools, providing a “Script Kiddies on Steroids” offensive capability. Visualizations for each of these tools have been explored, along with simulation elements to test the SA capabilities of various approaches.